Information on data protection

Fluko Flughafenkoordination Deutschland GmbH (hereinafter called: Fluko GmbH) attaches great importance to compliance with data protection requirements when processing personal data. This also applies when you visit our website. Below we would like to inform you about how Fluko GmbH processes personal data and the rights of data subjects arising from data protection.

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and national data protection laws of the member states as well as other data protection regulations is:


Flughafenkoordination Deutschland GmbH,
Terminal 2 E, HBK 37, 60549 Frankfurt am Main
Tel: +49 69 2575851-00
Fax: +49 69 69050811


II. How to contact the data protection officer


Deutschland GmbH,
Terminal 2E, HBK 37, 60549 Frankfurt am Main


III. General information on data processing

Data processing when visiting this website


Log files
Every time you visit our website or request a file, data about this process is temporarily stored and processed in a log file.

The following specific data is stored for each visit / request:

  • your anonymised IP address;
  • name of the page / file requested;
  • date and time of your visit / request;
  • quantity of data transferred;
  • a report on whether the visit / request was successful.

IP addresses are stored anonymously. The number of the last octet is deleted and replaced by a 0. IPv6 addresses are also anonymised. The anonymous IP addresses are kept for 60 days. Reports on whether the visit / request was successful are deleted after seven days. In addition to error messages, these reports contain the accessing IP address and, depending on the error, the website requested.


Our website uses cookies. Cookies are text files that the web server places on your computer’s hard drive and contain information that enables the identification of returning visitors to a website, particularly for the purpose of facilitating navigation and exploring user behaviour.

We use the following cookies to make our website more user-friendly:

  • Cookies that check whether the browser sets cookies. This cookie is automatically deleted after the browser programme has been closed;
  • Cookies to store information that the cookie notice has been closed;
  • Cookies to protect the website against cyber attacks; no personal data is stored.

If you do not want us to recognise your computer on a return visit, you should set your Internet browser to delete cookies from your computer hard drive, block all cookies or warn you before a cookie is stored.


Use of Wordfence
For data security reasons and in particular to protect against attacks, our website uses “Wordfence”, which is a security plugin for WordPress. This plugin is used on the basis of Art. 6 (1) lit. f GDPR. The provider of Wordfence is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104.


When you visit our website, the name of the website accessed, file, date and time of access, time zone, notification of successful access, device data and referrer URL (the previously visited page) and IP address are transmitted to Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104 (USA).


Defiant Inc. is currently undergoing the certification process for the EU-US Privacy Shield (as of September 2018). Until this process is completed, data processing in the USA will take place on the basis of the standard data protection clauses pursuant to Art. 46 (2) lit. c GDPR. 


Scope and purpose of the processing of personal data
We process personal data received from applicants during the slot coordination process. Please note that within the framework of sovereign coordination, it is mandatory to provide personal data which is necessary for the commencement, execution and termination of the coordination process or which we are legally obliged to collect. In addition, we receive personal data that results from our business and public relations with various service providers and authorities. Insofar as this is necessary for the provision of our services, we also process personal data which we require from private or public bodies (e.g. airports, holder files of the German Civil Aviation Authority, files of the German air traffic control authority (DFS)) in order to fulfil our sovereign tasks and which are legally transmitted to us.

This includes the following personal data in particular: name, address and other contact data (e.g. e-mail addresses), verification data (aircraft holder/owner). In addition, this includes personal data resulting from slot applications in accordance with the internationally valid communications agreement (SSIM) and/or documentation data (e.g. minutes of meetings) as well as other data comparable with the aforementioned categories.


Legal basis of data processing
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as well as other applicable data protection provisions. The following legal bases should be mentioned in particular:


  • As an institution entrusted with sovereign aviation tasks, we are subject to the legal regulations both in the international field (e.g. IATA Worldwide Scheduling Guidelines), the European field (e.g. Regulation (EEC) No. 95/93 – Slot Regulation) and under German law (e.g. German Air Traffic Act (LuftVG), Regulation on the implementation of airport coordination (FHKV)) as well as the requirements of our legal and technical supervisory bodies and the Federal Ministry of Transport and Digital Infrastructure (BMVI). Fluko GmbH is required to process personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (Art. 6 (1) lit. a GDPR).

This includes:

  • Planning and preparation of slot allocations for air carriers, aircraft holders and owners;
  • Slot allocation as part of initial coordination;
  • Continuous management of slots and new allocations;
  • Withdrawal of slots during the flight scheduling season;
  • Monitoring use of slots;
  • Participation in fine proceedings or other sanction proceedings;
  • Compliance with reporting obligations to the supervisory bodies;
  • Information on slot allocation to authorised third parties before, during and after the flight scheduling season.
  • Fulfilment of legal obligations (Art. 6 (1) lit. c GDPR): Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis. This may be the case, for example, in the case of administrative assistance pursuant to Section 5 (1) No. 3 of the German Law on Administration Procedure (VwVfG).
  • Where processing of personal data is necessary for the fulfilment of a contract in which the data subject is a contractual partner, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing required in order to take steps prior to entering into a contract.
  • Where processing is necessary in order to protect the legitimate interests of our company or a third party and these interests override the interests, fundamental rights and freedom of the data subject, Art. 6 (1) lit. f GDPR serves as the legal basis. Examples:
  • Consultations with authorised aviation authorities;
  • Checking and optimising procedures within the framework of the coordination process;
  • Asserting legal claims and defence in legal disputes;
  • Guaranteeing IT security and IT operation during coordination;
  • Prevention and clarification of administrative offences within the framework of legal regulations
  • Business management measures and development of functions in the coordination software provided
  • Insofar as applicants use airport coordination services, it is assumed by implication that they agree to the processing of the data transmitted; electronic processing is coordinated internationally within the framework of the regulations of the WSG and SSIM and accepted in the Slot Regulation as an industrial standard.


Erasure of data and storage periods
We process and store the personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Data may be stored after this period if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. This includes in particular commercial and fiscal legislation governing storage (German Commercial Code (HGB), German VAT Act (UStG), German Fiscal Code (AO)). The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.


Transmission to third persons (another EU member, third country or international organisations)
Personal data may only be transferred to third parties to the extent permitted by the existing statutory provisions of the Slot Regulation and the corresponding German implementing laws/regulations or the German Law on Administration Procedure (VwVfG) applicable to public authorities. Due to legal obligations, operational and planning data resulting from coordination activities are regularly transmitted to European and German aviation and security authorities. German airports and German as well as international air carriers and aircraft holders have access to an online database with slot planning data via a portal (“IACS”) based in Belgium. The coordination data required for this portal is only available in the German coordination system to which the portal software has access. Data access by bodies within and outside the EU takes place if

  • it is necessary to process applications within the framework of sovereign coordination (e.g. initial coordination);
  • there is a legal basis (e.g. VwVfG ) for accessing data.


Automated decision-making process and automated profiling
Fluko GmbH neither uses fully automated decision making in accordance with Art. 22 GDPR nor does automated profiling.

IV. Rights of the data subject

Every data subject has right of access pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. The restrictions pursuant to Sections 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, you have the right to lodge a complaint with a supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).