Data privacy

Thank you for visiting our website and showing your interest in our company. Your private online security while using our website is a very important subject for us, please note the following information:

A.T.O. Airline Ticketfabrik Online GmbH / (hereinafter referred to as A.T.O./, as the provider of the website and the responsible party, takes its data protection obligations very seriously and designs its website in such a way that only as little personal data as necessary is collected, processed and used. Under no circumstances will personal data be rented or sold to third parties for advertising purposes. No personal data will be used for advertising or marketing purposes without the express consent of the visitor.

Access to personal data at A.T.O./ is only granted to those persons who need such data for the performance of their duties within the responsible body, who are informed of the statutory provisions on data protection and who have undertaken to comply with them in accordance with the applicable statutory provisions (Art. 5 of the EU Data Protection Basic Regulation (EU-DSGVO)). The collection, processing, use and transmission of the personal data collected shall, in accordance with Art. 6 (1) EU Data Protection Regulation, only take place to the extent necessary for the performance of a contractual relationship between A.T.O./, as the responsible party, and the visitor, as the party concerned.

Changes in purpose of processing and data use

Since technical progress and organisational changes in the processing methods used may change/develop further, we reserve the right to further develop this data protection declaration in accordance with the new technical framework conditions. We therefore ask you to check A.T.O./'s data protection declaration from time to time. If you do not agree with the further developments occurring over time, you may request in writing, in accordance with Art 17 EU-DSGVO, the deletion of data that is not stored on the basis of other legal requirements, such as commercial or tax storage obligations.

Anonymous data collection
In principle, you can visit the websites of the responsible party without telling us who you are. We only learn the name of your Internet service provider, the website from which you are visiting us and the pages on our website that you visit. The legal basis for this data collection is Art. 6 para. 1 lit b DSGVO. This information is evaluated for statistical purposes. As an individual user, you remain anonymous.

Collection and processing of personal data
Personal data is only collected if you provide it to us voluntarily, e.g. for newsletter registration, and give your consent to the use of the data (Art. 6 para. 1 lit. a DSGVO). The responsible party shall comply with the provisions of Art. 5 and 6 EU-DSGVO. As part of the personalised services of the responsible body, your registration data will be processed, subject to your consent, for the purpose of sending you our newsletter or designing the electronic services offered to meet your needs. You have the possibility at any time to object to the storage of your personal data. To do this, please send an e-mail to Datenschutz(at) with the subject "Remove data" and specify the website.
Your personal data will be processed and used in accordance with the provisions of the EU-DSGVO.

Storage period
We store your personal data only as long as we need them for the provision of the web offer used by you or for the fulfilment of contractual relations with you or as long as we have your consent or we have another legitimate interest in the data processing. Any further storage will only take place on the basis of legal regulations.

Rights of the persons concerned
Insofar as we process your personal data, you are entitled to the following rights:

Right to revoke a given consent
If the processing of personal data is based on a given consent, you have the right to revoke this consent. The revocation is valid for the future.

Right to information
You may request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you may request the following information:

  • the purposes of the processing;
  • which personal data will be processed;
  • the recipients of the data in the case of data transfer to third parties, as well as the name and country of domicile of the third party;
  • the duration of data storage;
  • the existence of a right of appeal to the competent supervisory authority;
  • if the data were not collected directly from you, all available information about the origin of the data.

The requested information will be provided to you within one month of receipt of the written request for information at the latest. We draw your attention to the fact that information can only be provided if the identity of the petitioner can be clearly established.

Right to rectification
You have the right to demand that we correct your personal data immediately if it is incorrect.

Right to data deletion ("right to be forgotten")
You have the right to ask us to delete your personal data for any of the following reasons:

  • Personal data is no longer necessary for the purposes for which it was collected or processed.
  • There is no legal obligation for us to store the data.
  • You revoke your consent on which the processing was based and there is no other legal basis for the storage.
  • You object to the processing and there is no legal basis for further storage.
  • The personal data was collected and processed unlawfully from the outset.

Right to limitation of processing
You have the right to demand that we restrict the processing of your personal data if one of the following conditions is met:
- You dispute the accuracy of the processing of your personal data for a period of time that allows us to verify the accuracy of the personal data;
- the processing of your personal data is in fact unlawful and you demand the restriction of the use of the personal data instead of deletion;
- we no longer need the personal data for the purposes of processing, but you need it to assert your legal claims, or
- You have lodged an objection against the processing, but it has not yet been established whether our legitimate interests outweigh your legitimate interests.

Right to data transfer
You have the right to receive the personal data concerning you that we have stored in a common and machine-readable format, and you have the right to transfer this data to another responsible person without obstruction by us.

Right of objection
You have the right to object at any time to the processing of your personal data which takes place on the basis of Art. 6 para. 1 lit. e) or f) DSGVO. We will then no longer process this data unless we can prove that there are legitimate reasons for the processing which outweigh your interests.

Right to complain to a supervisory authority
You have the right to complain to the data protection supervisory authority responsible for the data controller.


Export and processing of data in countries outside the European Union

Your personal data will not be exported to countries outside the European Economic Area (hereinafter referred to as EEA).

A transmission of personal data to Google within the framework of the use of analysis programs by the responsible body does not take place, however, because your IP address is only transmitted anonymously. Please read the section "Use of analysis programs" of this data protection declaration.

The service providers used by the responsible party have their headquarters and operate their IT infrastructure exclusively within the EEA. This also applies to any use of cloud-based services. Contracts exist with the service providers which comply with the data protection and data security requirements of the EU-DSGVO. Even if external service providers are called in, A.T.O./ remains the responsible party for the processing.


Use and disclosure of personal data

The personal data collected within the framework of the web pages of the responsible party will only be used without your consent for contract processing and processing of your queries. In addition, your data will only be used for advertising and market research purposes of the responsible office if you have given your prior consent. Otherwise, your data will not be passed on to other third parties. You can of course revoke your respective consent at any time with effect for the future.

External links

For your information you will find links on our pages which refer to pages of third parties. As far as this is not obviously recognizable, we point out to you that it concerns an external link. The responsible party has no influence whatsoever on the content and design of these pages of other providers. The guarantees of this data protection declaration therefore do not apply to external providers.


Use of cookies

The responsible party uses so-called "cookies" to individually design and optimise the online experience and online time of the customer. A cookie is a text file that is either temporarily stored in the computer's main memory ("session cookie") or stored on the hard disk ("permanent" cookie). Cookies contain, for example, information about the user's previous accesses to the corresponding server or information about which offers have been called up so far. Cookies are not used to execute programs or download viruses to your computer. The main purpose of cookies is rather to provide an offer specially tailored to the customer and to make the use of the service as convenient as possible.

The responsible party uses session cookies as well as permanent cookies.

Session cookies
The responsible office mainly uses "session cookies" which are not stored on the customer's hard drive and which are deleted when leaving the browser. Session cookies are used for login authentication and load balancing. These cookies are mandatory for the provision of our website (Art. 6 para. 1 lit. b DSGVO).

Permanent Cookies
In addition, the responsible party uses "permanent cookies" in order to store the personal usage settings that a customer enters when using the services of the responsible party and thus to be able to personalise and improve the service, provided that you give your consent (Art. 6 para. 1 lit. a DSGVO). The permanent cookies ensure that the customer finds his personal settings again when he visits the web pages of the responsible office again. In addition, the service providers who have commissioned the responsible office to analyse user behaviour use permanent cookies in order to be able to recognise returning users. These services store the data transmitted by the cookie exclusively anonymously. An allocation to the IP address of the customer is not maintained.


Avoidance of cookies

The visitor has the possibility to refuse the setting of cookies at any time. This is usually done by selecting the appropriate option in the browser settings or by additional programs. Further details can be found in the help function of the browser used by the customer. If the customer decides to deactivate cookies, this can reduce the scope of services and have a negative effect on the use of the services of the responsible party.


Use of analysis programs

The responsible party carries out or has carried out analyses of the behaviour of its customers when using its service. For this purpose, anonymised or pseudonymised usage profiles are created. The user profiles are created for the unique purpose of constantly improving the service of the responsible party.

The responsible party exclusively uses the web analytics tool Matomo on the website. Since this tool is not hosted by an external service provider, but is implemented directly on the server environment of the responsible party, no data is transferred to third parties. The present data protection declaration therefore applies directly for Matomo.


Use of social media buttons

To share the content of our online services via social networks, we offer so-called social media buttons. For this purpose, we have implemented the social media buttons provided by Heise Medien GmbH & Co. KG, which provides social media buttons that conform to data protection regulations.

The buttons offered directly by the operators of social networks impermissibly transmit personal data such as the IP address or entire cookies already when loading a website on which they are integrated, and thus pass on unsolicited precise information about your surfing behaviour to the social services. You do not need to be logged in or a member of the respective network. A Shariff button, on the other hand, only establishes direct contact between the social network and the visitor when the latter actively clicks on the Share button. In this way Shariff prevents you from leaving a digital trace on every page you visit and improves data protection. By using Shariff we can protect your personal data and still integrate buttons for social sharing. Further information about c't Shariff can be found at:


Online offers on social media platforms

We offer online services on various social media platforms in order to provide you with information and to get in touch with you.

We have no influence on the processing of personal data by the respective platform operator. As a rule, when you visit our social media services, the platform operator stores cookies in your browser, in which your usage behaviour or interests are stored for market research and advertising purposes. The user profiles obtained in this way - mostly across all devices - are used by the platform operators to display personalised advertising. Data processing may also affect persons who are not registered as users with the respective social media platform. Under certain circumstances, your data may be processed outside the European Union, which can make it more difficult to enforce your rights. When selecting such social media platforms, however, we make sure that the operators undertake to comply with the data protection standards of the EU.

The processing of your personal data when you visit one of our social media services is based on our legitimate interests in a diverse external presentation of our company and the use of an effective information opportunity as well as communication with you. The legal basis for this is Art. 6 para. 1 lit. f DSGVO. Under certain circumstances, you have also given a platform operator consent to data processing, in which case Art. 6 para. 1 lit. a DSGVO is the legal basis.

Detailed information on data processing in connection with the use of our social media services, opt-out options and the assertion of information rights can be obtained from the data protection declaration of the relevant platform operator. The links to the data protection declarations of the platform operators can be found below.


Use of YouTube plugin

We use for the integration of videos among other things the supplier YouTube. YouTube is operated by YouTube LLC with headquarters in 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The privacy policy, both for Google+ and YouTube, can be found at : or in German language at:

The possibility to object with effect for the future is possible at:

Use of Vimeo PlugIn

We use the provider Vimeo for the integration of explanatory videos. Vimeo is operated by Vimeo Inc., with its registered office at 555 West 18th Street in Ney-York, New-York 10011. The Vimeo Inc. privacy policy can be found at:

Further information and contacts

If you have further questions on the subject of "Data protection at the responsible party", please contact the data protection officer of our company. You can inquire which of your data is stored by us. In addition, you can send information, requests for deletion and correction of your data and suggestions at any time by letter or e-mail to the following address:

Dr. Charlotte Lauser 
data protection officer
Dr. Gerhard-Hanke-Weg 31
D-85221 Dachau