DATA PROTECTION

1. Whom can I contact if I have questions about data protection?
Our services are preferred by millions around the world. We recommend you first read FAQs and Data Protection Statement for detailed information, as most likely your questions will be answered. If you want to contact us directly regarding Data Protection, please click ‘’Contact’’ on the Wingie platform or send an email to [email protected].

2. Does Wingie process personal data?
Yes, Wingie processes your personal data to provide services to you, such as arranging flight reservations and related payments. Wingie uses your data when;

• When booking a flight
• When you contact our call center
• When you participate in a customer survey
• When you interact with us via social media such as Twitter, Facebook, Instagram.

3. Can I opt out of collecting or sharing my information?
If you want to use Wingie, no. Because we need your personal data to offer our services to you. If you decline Wingie’s use of information, we cannot provide our services.

4. Where does Wingie store and use my data and is it shared with third parties?
We store data on servers in Belgium and Turkey using Google Cloud Services. We also use web services of airlines and payment service providers, for flight reservations or purchases, and transfer your data to these third parties, if necessary. However, we never sell your personal data to third parties.

5. Does Wingie encrypt my data?
Yes, your personal data is encrypted during transmission. Additionally, Wingie complies with the Payment Card Industry Data Security Standard (PCI DSS) Level 3, which is a generally accepted method of optimizing payment security.

B. Wingie.de–Privacy Policy (Including Cookie Policy)

1. Introduction
   1. Wingie and Privacy
   2. Definitions
2. Which information do we collect
   1. Information You Provide to Us
      1. Information you provide during a booking
      2. Information you provide through our support channels
   2. Information We Automatically Collect When You Use the Platform
      1. Your Use of the Platform
      2. Device and Connection Information
      3. Cookies
      4. Web-Tracking
         1. Use of Google Analytics
         2. Using Criteo
   3. Information we receive from other sources
3. For which purposes do we use the collected information?
   1. To provide services and personalize your experience
   2. For research and development
   3. To contact you about the services
   4. For marketing, development, and promotion of services
   5. For customer service
   6. For security and protection
   7. With permissions
4. With whom do we share the collected information?
   1. Sharing with third parties
      1. With airline companies
      2. With global distribution systems
      3. With payment system providers
   2. Third-party websites
   3. Social media widgets
   4. Third-party providers
   5. Law enforcement requests
5. How do we store and secure collected information?
   1. Information Storage and Security
   2. How long do we keep the information?
      1. Account Information
      2. Information you share on the platform
      3. Marketing Information
6. How can you access and control your information?
   1. Your Rights
      1. Contradiction
      2. Information
      3. Correction
      4. Deletion
      5. Processing Restriction
      6. Data Portability
      7. Withdrawal of Consent
      8. Complaint
   2. Updating your information
   3. Deactivating your account
   4. Deleting your information
   5. Unsubscribing from the newsletter
   6. Disabling cookie controls
   7. Sending tracking signals
7. International transfer of collected information
8. Data Protection
9. Changes

Wingie Online Platform (“Wingie”) operated by Wingie GmbH, based in Friedrichstrasse 171, 10117, Berlin, Germany, is a partner company of Enuygun Com İnternet Bilgi Hizmetleri Teknoloji ve Ticaret A.Ş., (“Enuygun”), based in Küçükbakkalköy, Kayışdağı Street Alliance Tower 1/16 34750 Atasehir Istanbul, Turkey.

Wingie takes the protection of your privacy and your personal data very seriously. Below, we inform you about the collection, processing, and use of your personal data while using our platform. From time to time this Privacy Policy will be updated, so we encourage you to read it each time you visit our platform or use our services.

The legal basis for us to process your personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons in relation to the free processing of personal data. On the free movement of such data and repealing Directive 95/46/EG (General Data Protection Regulation/GDPR) data protection law to Regulation (EU) 2016/679 and implementing Directive (EU) 2016/680 (Data Protection Adaptation) repeal and Enforcement Act of 30 June 2017 (EU–DSAnpUG-EU) (Federal Data Protection Act / BDSG). We process your personal data in accordance with these laws. Such as;

• If you have given your consent,
• to perform contractual obligations toward you,
• to safeguard our legitimate interests, weighing them up against your protection interests,
• insofar as we are legally obliged to process it (e.g., to release data to investigative authorities).

We strive to constantly improve our platform and always adapt it to your needs. For this purpose, both the information that you expressly provide to us, and that we receive automatically, both the information you explicitly provide to us and the information we receive automatically, triggered by the manner you use the platform, are used as detailed below, even if you do not knowingly provide this information.

The terms are explained below:

• GDPR” refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data, on the free movement of data and repealing Directive 95/46/EC, also “Privacy -Basic Regulation".
• "BDSG" refers to the law for adapting data protection law to Regulation (EU) 2016/679 and for implementing Directive (EU) 2016/680 (Data Protection Adaptation and Implementation Act (EU–DSAnpUG-EU)) of June 30, 2017, also known as the “Federal Data Protection Act”.
• "Platform" is the Internet service operated under the URL www.wingie.de.
• "Operator" is Wingie GmbH, Friedrichstr. 171, 10117 Berlin ("Wingie" or "we"), entered in the commercial register of the district court of Berlin-Charlottenburg under HRB 180382, which operates the platform and is responsible within the meaning of the GDPR.
• "Third-party providers" are third-party companies with which the operator works, and who offer and provide additional services for users of the platform.
• According to Art. 4 No. 1 GDPR, "personal data" is all information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more special features that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
• "Cookies" are small text files that are sent from a web server to a web browser (e.g., Mozilla Firefox or MS Internet Explorer) and enable the operator to use the device you are using (e.g., computer, smartphone, etc.) collect specific information related to your online activity. Cookies have limited validity, serve to make the Internet offer more user-friendly and effective overall, and cannot run programs or transmit viruses to your computer. You can prevent the storage of cookies via your browser settings.
• According to Art. 4 No. 4 GDPR, "profiling" means any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to analyzing or predicting work performance, economic condition, health, personal preferences, interests, reliability, conduct, whereabouts, or relocation of that natural person.

We use your personal data to process and manage your online flight booking. For the first booking, we need information such as surname, first name, telephone number, e-mail address, date of birth, and gender. In addition, we need your payment details such as bank details or credit card information for every booking.

When you visit our platform, we also store the data that your browser transmits to enable you to visit our platform, e.g. B., Your IP address, the platform which you are visiting, the browser type, and the date and duration of the visit for statistical purposes (see section "Web tracking").

1.1.2 Information you provide through our support channels

We offer international customer service. For the exact service times, please refer to the information on www.wingie.de under “Contact”. By passing on your relevant data, e.g. reservation information, to our customer service representatives, we can always respond if you need our help.

When you call our call center, if you give consent, your conversation with the call center agent will be recorded to improve service quality and for keeping a record of services. In addition, with your consent, for quality control and training purposes, live listening of conversations may happen.

Your conversation will be recorded when you use our chat support to improve service quality and proof of service.

Call and chat recordings are kept for a limited period and automatically deleted, unless Wingie has a legitimate interest in keeping the recording in individual cases, for example, to investigate fraud cases.

1.2 Information We Automatically Collect When You Use the Platform

1.2.1 Your Use of the Platform

We receive certain information about you when you visit and interact with our platform. This information includes the features you use, the links and buttons you click, and commonly used search terms. For example, we process usage data to determine that users cannot find an airport with a specific search term. In this case, we could add a suggestion for this search term.

1.2.2 Device and Connection Information

Server log data: This data is automatically transmitted to us by your browser. In particular, they include browser type and version, operating system used, referrer URL, host name of the accessing computer, time of the server request and the IP address you used, products you viewed or searched for, page response times, download errors, length of stay on the pages visited on our platform, information about how the page interacts (such as scrolling, clicks, and mouse-overs) and methods of browsing the website. This data is not merged with other data sources. This data is processed based on Art. 6 Para. 1 S.1 f GDPR, as we have a legitimate and overriding interest in the technically error-free presentation and optimization of our website, which requires the processing of the server log data.

Analysis data: If we send newsletters, we process analysis data from the evaluation of the use of the newsletters sent, such as opening the newsletter, reading duration as well as clicks on content. This data processing is carried out to pursue our legitimate and overriding interests of the operator (Art. 6 Para.1 S.1, Letter d) DSGVO) in improving its product quality, improving the alignment of our products to your interests.

1.2.3 Cookies

We explained how cookies work under “Definitions” above. Basically, cookies can contain a variety of information, including information that makes a website visitor personally identifiable (such as name, address, e-mail address, or telephone number). However, a website only has access to personal data that you provide yourself. For example, a page cannot determine your e-mail address without your help. A website also cannot access other files on your computer.

This platform uses its own and third-party cookies of the following types:

Transient cookies: These are automatically deleted when you close the browser, including particularly the session cookies. These save so-called session-ID, with which various requests from your browser can be assigned to the joint session. This allows your computer’s recognition when re-using this platform. Session cookies are deleted when you log out or when you close your browser.

Persistent cookies: These cookies are changeable and automatically deleted after a certain period of time. You can delete cookies in the security setting tab on your browser at any time.

Cookies that are required to carry out the electronic communication process, or to provide specific functions you want (e.g. shopping cart function), are stored on the basis of Art. 6 Para. 1 S.1, Letter f) GDPR, as we hold a legitimate authority for the technically error-free and optimized provision of our services.

You can choose to configure your browser setting according to your preferences, such as refusing to accept third-party cookies or all cookies. However, we want to remind you that in this case, you may not be able to use all the functions of this platform.

1.2.4 Web-Tracking

1.2.4.1 Use of Google Analytics

Wingie uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies (see above). The information generated by this cookie about your use of this platform is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. The USA has an appropriate level of data protection within the meaning of Art. 45 Para. (3) GDPR in the form of the EU-US Privacy Shield. Information on this is available online at http://ec.europa.eu/justice/data-protection/document/citizens-guide_en.pdf.

The IP address transmitted by Google Analytics as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly, however, we want to remind you that in this case, you may not be able to use all the functions of this platform. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google using the browser available at the following link Download and install the plug-in: http://tools.google.com/dlpage/gaoptout?hl=de.3

This platform uses Google Analytics with the extension "_anonymizeIp ()". As a result, IP addresses are processed in an abbreviated form so that a direct personal reference can be ruled out.

The use of Google Analytics takes place in accordance with the conditions to which the German data protection authorities agreed with Google. Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/en .html, Privacy Policy: http://www.google.com/intl/de/analytics/learn/privacy.html, and the Privacy Policy: http://www.google.com/intl/en/policies/privacy

1.2.4.2 Using Criteo

Criteo GmbH collects and stores anonymized information about user behavior on our website. This data is stored in cookies on your computer. Based on an algorithm, Criteo GmbH analyzes the anonymously recorded surfing behavior and can then display targeted product recommendations as personalized advertising banners on other websites (so-called publishers). In no case can this data be used to personally identify you as a visitor to our websites. The collected data will only be used for the improvement of the offer. Any other use or disclosure of this information to third parties will not take place.

You can object to the completely anonymous analysis of your surfing behavior on our websites by clicking here on Criteo Host. If you have already done so and want to see personalized Criteo banners again, please click on Criteo entry. Further information on the technology used can be found in the privacy policy of Criteo GmbH at https://www.criteo.com/de/privacy/.

1.3 Information we receive from other sources

We may receive information about you from other users:

If you book for someone else through the platform, we will request personal information and travel preferences about that individual. You should obtain the consent of other individuals consent before providing us with their personal information and travel preferences. Access to this information, e.g. for correction, is only possible via your email address.

Other users of our website may provide information about you when they submit content through the platform.  For example, you might be added as a passenger to a flight, as a result, your name, surname, age, and gender might be shared with us. This information will be stored as passenger information.

2. For which purposes do we use the collected information?

2.1. To provide services and personalize your experience

We use information about you to provide the services described in the Platform's Terms of Service section, including processing transactions related to you, verifying your identity when logging in, providing customer support, and operating and maintaining the service.

2.2. For research and development

We are always looking for ways to make our platform faster, more secure, and more useful to you. We use collective learning about how people use our platform and feedback provided directly to us to identify trends, usage, activity patterns, and areas for platform integration and improvement.

2.3. To contact you about the services

We use your contact information to provide you with transactional communications on the Platform and via email, including confirming your transactions, responding to your questions and inquiries, and providing customer support. We may also send you event-related email notifications to inform you that current online promotions are available for you, e.g. your online check-in.

2.4. For marketing, development, and promotion of services

We use your contact information to send you promotional communications that interest you, including by email, after you have given your consent. This communication aims to promote the Services for you to get the most out of the Platform. We also communicate with you about new product offers and promotions. You choose whether or not to receive these communications and can change your choice at any time; see No. 5.5 "Unsubscribing from the newsletter".

2.5. For customer service

We use your information to; solve technical problems you may encounter, respond to your requests, analyze and troubleshoot information about system crashes, and improve our service.

2.6. For security and protection

We use information about you and the service provided to you, to monitor and review our platform for suspicious or fraudulent activity and to identify violations of our policies.

2.7. With permissions

We use information about you when you particularly consent to us using it for additional specific purposes not listed above. For example, with your permission, we may publish statements or customer testimonials to market our company's services.

3. With whom do we share the collected information?

3.1 Sharing with third parties

We share information with third parties that help us operate, provide, improve, integrate, customize, support, and market our Platform.

3.1.1 With airline companies

We work with airlines to bring you their services. Airlines conduct your flight bookings on the platform. Airlines are obliged to access and use your personal data such as name, surname, date of birth, gender, e-mail address, and phone number. We advise you to read the privacy policies of the airlines whose flights you book through Wingie. Please note that airlines may contact you to obtain additional information about you, to facilitate your booking, or to respond to a review you have submitted.

Transmitting your contact information to the airline also allows them to inform you of short-term service changes (flight time changes, flight cancellations, etc.). If we only have your contact details, we will transmit them. For this reason, if you book for several people,  you are obliged to forward the relevant information from the airline to the passengers you specify to be traveling with you promptly. We do not accept responsibility for any deterioration in the enforcement of passenger rights if the information is not transmitted.

3.1.2 With global distribution systems

We work with global distribution systems to provide access to airline in-flight services. Global distribution systems access your personally identifiable information, including; name, surname, date of birth, gender, email address, and phone number, and share this information with airlines. The airlines then conduct your bookings.

3.1.3 With payment system providers

We use the credit card information you have registered on the platform to process payment for the booked flights. To do this, we work with payment system providers, which include banks and other financial systems. Here, the cardholder's name, card number, expiration date, and the CVV number of the credit card are transmitted to the provider, as registered by you.

3.2 Third-party websites

Our Platform may contain links that direct you to other websites or services whose privacy standards may differ from ours. If you submit information to any of these third-party websites, your information will be governed by their privacy policies and not ours. We, therefore, encourage you to carefully read the privacy policy of any other platform you visit.

3.3 Social media widgets

Some of our pages contain widgets and social media features, e.g. Facebook share button. These widgets and features collect your IP address, and the page you are visiting and may set a cookie to enable the feature to function properly. Widgets and social media features are either hosted by a third party or hosted directly on our platform. Your interactions with these features are governed by the privacy policies of the company providing them.

3.4 Third-party providers

We work with the following third parties:

3.5 Law enforcement requests

If necessary, we transfer information about you to third parties. This applies to the following cases:

• to comply with legal requirements, particularly those related to national security, and to comply with court or governmental orders
• to protect the security or integrity of our products and services, our business, our platform, our customers, or the public from harm or illegal activities (see 2.6)
• to enforce our legitimate interests (see 2.7)
• to protect outstanding legal interests, particularly the health and life of people

4. How do we store and secure collected information?

4.1 Information Storage and Security

We use a cloud service provider in Belgium to store the information we collect, and we use technical measures to keep your data secure. Although we implement security measures to protect your data, no security system is impenetrable due to the very nature of the Internet. Despite the highest security standards, we cannot guarantee that data is safe from unauthorized access ("hacking") by criminal third parties during transmission over the Internet, or while it is being stored on our systems or otherwise in our care.

4.2 How long do we keep the information?

The retention period of information depends on its type, as explained in more detail below. After this period expires, we will delete or anonymize your data. If this is not possible temporarily (for example, because the information is stored in backup archives), in the first place we will store your information securely and isolate from further use, and then delete it as soon as possible.

4.2.1 Account Information

We retain your account information for as long as your account is active and for a reasonable time afterward if you decide to reactivate your account.

4.2.2 Information you share on the platform

4.2.3 Marketing Information

If you have opted to receive marketing emails from us, we retain information about your marketing preferences for a reasonable time. This process starts from the last date you expressed your interest in our platform. We also collect information from cookies and other tracking technologies for a reasonable time from the date such information is created.

1. How can you access and control your information?

You have the right to certain choices to control how we handle your information. The following is a summary of these possibilities and their limitations to them. You can exercise some of the options through the links displayed on the platform in the footer. For all other inquiries, you can contact us as indicated in the "Contact Us" field below to request assistance.

5.1. Your Rights

5.1.1. Contradiction

You can object at any time to the processing of personal data that is carried out to protect our overriding interests (Art. 6 Para. 1 S.1 f) GDPR). This also applies to processing of personal data for direct advertising and profiling, insofar as it is related to direct advertising. To object, please use the contact form or send us an email.

5.1.2. Information

You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data. If personal data is transmitted to a third country or an international organization,  as the data subject you have the right to be informed of the appropriate guarantees (according to Art. 46 GDPR) concerning the transmission.

5.1.3. Correction

You have the right to demand that we correct any incorrect personal data concerning you without undue delay. Considering the purposes of the processing, you have the right to request the completion of incomplete personal data - also through a supplementary declaration.

5.1.4. Deletion

You have the right to request that we delete personal data concerning you immediately if one of the following reasons applies:

• The data are no longer necessary for the purposes for which they were collected or otherwise processed.
• The consent on which the processing was based under Art. 6 Para. 1 S. 1, Letter a) or Art. 9 Para. 2 a) DSGVO is revoked and there is no other legal basis for the processing.
• You object to the processing under Article 21 (1) or (2) GDPR and there are no overriding legitimate reasons for the processing.
• The data was processed unlawfully.
• The deletion of the data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the operator is subject.
• The data was collected concerning information society services offered directly to a child under the age of 16 under Article 8 (1) GDPR.

Upon your request, we are obliged to delete the relevant data immediately. The legality of the processing is carried out based on the consent until the revocation remains unaffected.

5.1.5. Processing Restriction

If you dispute the accuracy of your personal data, you have the right to request a restriction in the processing of this data for a time that enables us to verify its accuracy. If the processing is unlawful, and you refuse the deletion of the personal data, you can instead request the restriction of the use of this data. The processing is also restricted if we no longer need the personal data for processing purposes, but you need them to assert, exercise, or defend your own legal claims, or if you have objected to the processing under Article 21 (1) GDPR, as long as it has not yet been determined whether our legitimate reasons outweigh your reasons. You will be informed before the restriction is lifted.

You have the right to receive the personal data that you have provided to us in a structured, common, and readable format and to transmit this data to another person responsible without hindrance from the operator. The requirements are that;

• the processing is based on consent (Art. 6 Para. 1 S.1 a) and Art. 9 Para. 2 a) GDPR) or on a contract (Art. 6 Para. 1 S.1 b) GDPR), and
• the processing is carried out using automated procedures.

When exercising the right to data portability, you can request that we transmit the personal data directly to another responsible body, to that degree, as this is technically feasible.

5.1.7. Withdrawal of Consent

If the processing is based on consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of the processing carried out on basis of the consent until the revocation.

5.1.8. Complaint

If you believe that our processing of your personal data is unlawful, you can complain to a supervisory authority. In particular, you can contact the supervisory authority of your place of residence, your place of work, or the place of the alleged infringement. The supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, phone: +49 (0)30 13889-0, fax: +49 (0)30 2155050, email: [email protected]; www.datenschutz-berlin.de. Further regulations on the complaints procedure can be found in Art. 77 GDPR

5.2. Updating your information

Wingie gives you the ability to update your profile settings at any time.

5.3. Deactivating your account

If you no longer wish to use our services, you can deactivate your account. This function is available in your account settings. Please note that deactivating your account will not delete your data. See below for more information on deleting your information.

5.4. Deleting your information

You can delete your profile data; see number 5.1.4. This does not include information that we need to keep completing transactions, to comply with our legal obligations, or that we need to pursue any claims we may have against you.

5.5. Unsubscribing from the newsletter

You may opt out of further receiving promotional communications from us to which you have previously consented by following options, to have your contact information removed from our newsletter email list or registration database. By using the unsubscribe link within each email, updating your email preferences in the Settings Menu of your account, or contacting us at ''Contact Us'' below. If you no longer receive advertising messages from us, you will continue to receive messages about transactions that are completed on our platform. You can turn off some notifications in your account settings.

5.6. Disabling cookie controls

Relevant browser-based cookie controls are described under No. 1.2.3.

5.7. Sending tracking signals

Some browsers have built-in "Do Not Track" (DNT) features that can send a signal to the websites you visit to indicate that you do not wish to be tracked. As there is not yet a common understanding of how to interpret the DNT signal, our platform does not currently respond to browser DNT signals. You may use the range of other tools we make available to control data collection and use, including the ability to unsubscribe from marketing newsletters, as described above.

6. International transfer of collected information

We may also forward personal data to companies or authorities located in so-called third countries outside the EU or EEA. Simply before the transfer, we ensure that the recipient has an adequate level of data protection (for example, due to an adequacy decision of the EU Commission for the relevant country or because of the agreement of the so-called EU standard data protection provisions with the recipient ) or that you have consented to the transfer. We also forward your personal data to our partner company in Turkey, Enuygun, to process your booking. For Turkey, as a recipient country, there is currently no adequacy decision made by the EU Commission on an appropriate level of data protection within the meaning of Article 13 (1) § f) GDPR. Regulatory authorities, data protection principles, and/or data protection rights in Turkey may not provide a level of protection equivalent to the European General Data Protection Regulation. However, anytime we transfer your information, we take steps to protect it.

Our data protection officer (DPO) can be reached as follows:
Mrs. Nihan Çolak Erol
Email: [email protected]
Phone number: +44 203 9360 985
Fax: +90 216 575 01 42
Address in the EU: Wingie GmbH, Friedrichstr. 171, 10117, Berlin, Germany
Address in Turkey: Küçükbakkalköy, Kayışdağı St., Allianz Tower 1/16 34750 Atasehir, Istanbul

Wingie may change this privacy policy, including but not limited to;

• if this is required by a supervisory authority or another governmental or regulatory body,
• if this is necessary for compliance with data protection,
• to implement or comply with standard contractual clauses, approved codes of conduct or certifications, binding company rules, or other compliance mechanisms.