Privacy Policy

Data protection

We draw your attention to the following information in accordance with the EU General Data Protection Regulation (hereinafter "GDPR"):

1. Name and contact details of the person responsible for processing and the company data protection officer

The person responsible for data protection for the processing of personal data is Kosova Airlines GmbH, Brandschenke Str. 178, 8002 Zurich, Switzerland, Tel: +41 (0)44 3155959, [email protected] .

The operational data protection officer of Kosova Airlines can be reached at the above address and at [email protected].

2. Collection and storage of personal data as well as type and purpose and their use

You can access our website without directly providing any personally identifiable information (such as your name, postal address or email address). In this case, too, we must collect and store certain information in order to enable you to access our website. We also use certain analysis methods on our website and have integrated functionalities from third-party providers. In addition, we offer you some functions on our website for which we have to collect personal data.

We collect and process personal data to the following extent:

  1. Log files: When you visit this website, our web server automatically saves data and information from the end device and browser you are using. Information on the browser type and version used, the operating system, the Internet access provider, the IP address of your device, the date and time of access, the website from which you are visiting our website and the pages you visited on our website . We process this technical information in the log files of our systems and do not combine it with other personal data about you. We process the technical information to enable you to access our website, to ensure the functionality of our website and the security of our IT systems and to optimize our website.
  1. Cookies and Tracking/Google Analytics: This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you will if applicable not be able to use all functions of this website in full. You can also prevent the data generated by the cookie and relating to your use of the website (incl. .
  1. Flight booking: We offer you the opportunity to book our flights on our website.
    1. Booking data: We request the information required to process your booking (in particular your first and last name, your date of birth, your billing address and information about the payment method you have selected, your e-mail address and your mobile number). The required information is marked as such on our website, without this information it is not possible to complete your booking. We process this data to carry out the contract of carriage concluded with you; The legal basis is Article 6 Paragraph 1 b) GDPR.
    2. Flight-related mailings: We use your e-mail address to send flight-related information and offers by e-mail. The legal basis is Article 6 Paragraph 1 f) GDPR and Section 7 Paragraph 3 UWG.
    3. Passenger data: If you book a flight (also) for one or more other people, we also need the first and last name and date of birth for these passengers. This information is also required to complete the booking. We process this data to protect our legitimate interest in the implementation of the contract of carriage concluded with you; The legal basis is Article 6 Paragraph 1 f) GDPR. When booking a flight for one or more additional persons, please make this data protection information available to this person or persons.
  1. Information by e-mail: If you have registered for our e-mail newsletter, we will process your e-mail address on the basis of your consent in order to send you information about our services (e.g. package tours, hotels, rental cars, insurance, events, tours and activities).
    Your personal data will not be passed on to third parties, and we process your data exclusively for the selection of individualized content and for sending the newsletter within the framework of the consent you have given. The legal basis is Article 6 Paragraph 1 a) GDPR.
  1. Contact: You can contact us, among other things, via our contact form, the call center, by e-mail, social media. We collect all the data you provide and store it to the extent necessary to process your request. If necessary, data will be stored longer after processing has been completed for reasons of preserving evidence. The legal basis is Article 6 Paragraph 1 a), b) and f) GDPR
  1. Web chat : If you use our online chat for support, we only process the data you have entered. Providing your name and email address is voluntary. We only store this data for the duration of the chat consultation. The legal basis is Article 6 Paragraph 1 a) and f) GDPR.
  1. Statistical evaluations: If required, we can evaluate your personal data to evaluate your preferences for the purposes of interest-oriented marketing, individual addressing and the continuous optimization of our business processes. We do this to gain a better understanding of what our customers expect from us and to be able to provide you with personalized communications. In addition, these evaluations help us to detect fraud, audit and ensure security, which is why we carry out this processing to protect our legitimate interests; The legal basis is Article 6 Paragraph 1 f) GDPR.
  1. Other legitimate interests: If necessary, we also process your data beyond the aforementioned purposes to protect our legitimate interests or the interests of third parties; this is done on the basis of Article 6 Paragraph 1 f) GDPR. Our legitimate interests include
    1. the assertion of legal claims and defense in legal disputes;
    2. the prevention and investigation of criminal offenses and
    3. the management and further development of our business activities, including risk management.

3. Disclosure of data to third parties

Your personal data is generally processed within our company. Depending on the type of personal data, only certain departments / organizational units have access to your personal data. This includes in particular the specialist departments involved in the provision of our services and our IT department. Thanks to a role and authorization concept, access within our company is limited to those functions and the scope that is required for the respective purpose of processing.

We may also transfer your personal information to third parties outside of our company to the extent permitted by law. These external recipients can include in particular

  • those third parties that we use to provide our services (e.g. the operation of flights), insofar as the transmission is necessary to fulfill the contracts concluded with us, such as providers of ground handling services at the airports we fly to;
  • the service providers engaged by us (e.g. in the areas of transport, marketing, IT or payment processing) who provide services for us on a separate contractual basis, which may also include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
  • non-public and public bodies, insofar as we are obliged to transmit your personal data due to legal obligations.
  • Your personal data is generally processed within the EU or the European Economic Area.
  • In certain cases, information may be transmitted to recipients in so-called "third countries". "Third countries" are countries outside the European Union or the Agreement on the European Economic Area, in which a level of data protection that is comparable to that in the European Union cannot be assumed without further ado.
  • If the transmitted information also includes personal data and we are not obliged to transmit it due to a legal obligation, we ensure before such a transmission that the required appropriate level of data protection is guaranteed in the respective third country or at the recipient in the third country. This can result in particular from a so-called "adequacy decision" by the European Commission, which determines an adequate level of data protection for a specific third country overall. Alternatively, we can also base the data transfer on the so-called "EU Standard Contractual Clauses" agreed with a recipient or - in the case of recipients in the USA - on compliance with the principles of the so-called "EU-US Privacy Shield".

4. Automated Decisions

In connection with the operation of our website, we generally do not use automated decision-making (including profiling) within the meaning of Article 22 GDPR. If we use such procedures in individual cases, we will inform you of this separately to the extent provided for by law.

5. Data Security

In principle, we store your personal data as long as we have a legitimate interest in this storage and your interests in not continuing the storage do not outweigh it.

Even without a legitimate interest, we can continue to store the data if we are legally obliged to do so (e.g. to fulfill storage obligations). We delete your personal data without your intervention as soon as knowledge of it is no longer necessary to fulfill the purpose of processing or storage is otherwise legally impermissible.

Usually will

  • the log data is deleted within thirty days, unless further storage is required for statutory purposes such as uncovering misuse and identifying and eliminating technical faults;
  • the data processed in connection with a flight booking will be deleted at the latest after the statutory retention periods have expired; and

The personal data that we have to store to fulfill storage obligations will be stored until the end of the respective storage obligation. Insofar as we store personal data exclusively to fulfill storage obligations, these are usually blocked so that they can only be accessed if this is necessary with regard to the purpose of the storage obligation.

6. Right to Object

  1. Right of objection according to Art. 21 GDPR
    You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 (1) e) or f) GDPR ; this also applies to profiling based on these provisions. In the event of your objection, we will no longer process the personal data relating to you, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
    If we process the personal data concerning you in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.
    In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.
  1. Revocation of consent
    If you have given us consent (e.g. in connection with information by e-mail, you can revoke such consent at any time with effect for the future. We usually provide you with a corresponding information in our e-mail information Link is available in each of our newsletters.You can also contact us in other ways, e.g. by sending a message by post, fax or e-mail using one of the contact methods listed on the first page of this data protection notice
  1. Further rights As the data
    subject, you have the right
  2. for information on the personal data stored about you, Article 15 GDPR;
  3. to correct incorrect or incomplete data, Article 16 GDPR;
  4. to erasure of personal data, Article 17 GDPR;
  5. to restriction of processing, Article 18 GDPR; and
  6. to data portability, Article 20 GDPR

To exercise these rights, you can contact us at any time - for example via one of the contact methods specified at the beginning of this data protection notice.
If you have any questions about the processing of your data, you can also contact our data protection officer.
You are also entitled to lodge a complaint with a competent supervisory authority for data protection, Article 77 GDPR.

7. Update of this statement

We may update this privacy statement from time to time. This privacy policy was last updated on May 23, 2018.