Information about cookies and similar technologies
This section explains how we use cookies and similar technologies at miles-and-more.com. This supplements our “Miles & More Website, App & Communications Media” data protection policy.
We use cookies, local and session storage as well as web beacons to ensure that our service is as user-friendly as possible.
1. Cookies
A “cookie” is a small text file that a web server (for example the www.miles-and-more.com web server) sends to your browser when you visit a website. The cookie file is stored or rejected depending on your browser settings. If the file is stored, our web server can recognise your device. The cookie can save you having to re-enter information the next time you visit the site or when you switch between functions that require you to enter a password. Cookies therefore make it easier for you to use websites that require user information.
We use:
- Session cookies
These expire at the end of the browser session and are used to record your browsing activities. They are deleted when you close your browser.
- Permanent cookies
These are stored on your device between different browser sessions and can record your settings or activities on multiple websites. They are deleted after a predefined period that can vary depending on the cookie. You can also delete the cookies at any time, however, in your browser settings.
- Session storage
Comparable to the use of cookies. Session storage means data is stored in your browser and deleted when you close your browser.
- Local storage
This is also comparable to the use of cookies. It permits the more secure, longer-term storage of the information contained. See “Local storage” for further information.
- Operationally essential
These cookies are absolutely essential for the operation of the website and facilitate logging in, redeeming miles and security features, for example. These types of cookies also allow us to recognise whether you wish to remain logged in to your profile so that you can access our services more quickly the next time you visit our website. - Personalisation
These cookies are used to display personalised content to you that matches your interests. This makes it possible to present offers that are especially relevant to you. - Analytics & Statistics
We use tools to improve the user-friendliness and performance of our website. These help us to find out how users move around on the site, where problems in use occur and which processes cause difficulties for users. - Advertising
We use marketing and third-party cookies for the purposes of optimising, analysing and personalising advertising campaigns: (1) cookies to show you personalised advertising on other websites (Google Ads); (2) cookies to assign you to a target group list. If you are logged in as a member, your email address is used to generate a cryptographic attribute which is sent to our advertising partners. This enables us to show you advertising online and on social media that corresponds to your interests (Google Customer Match).
It is possible that your browser is already set up to display an alert every time it receives a cookie request. This alert can be very annoying, because the identification cookie must be sent again when you access each individual page on our website. We therefore recommend that you set up your browser to always allow cookies from www.miles-and-more.com. You can specify this setting for single websites on an individual basis.
You can find out more about the use of cookies and how to disable them at meine-cookies.org or youronlinechoices.com.
Cookies
| mamcom_cl | MMG | This cookie remembers the language/country setting based on the location or the requested URL. | Session | Essential |
| mamcom_cl_last | MMG | This cookie remembers the user’s last language/country setting. | 1 year | Essential |
mamcom_resolvedcountryconflicts |
MMG |
Cookie that stores the requested decision when the country is changed. |
1 year |
Essential |
mamcom_resolvedlanguageconflicts |
MMG |
Cookie that stores the requested decision when the language is changed. |
1 year |
Essential |
mamcom_promo |
MMG |
This cookie recognises whether a member has already registered for a promotion and thus enables information to be displayed showing that the registration has already been completed. |
1 year |
Essential |
mamcom_cookieusage |
MMG |
This cookie enables the “Cookie Usage Indicator” (cookie information bar) not to be displayed again once the user has closed it. |
1 year |
Essential |
| STAT | MMG | This (short-term) cookie defines the end of “authenticated” status after login and contains an encrypted access token. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. | 30 minutes | Essential |
STATInfo |
MMG |
This (short term) cookie defines the end of “authenticated” status after login. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. |
30 minutes |
Essential |
| MFAT | MMG | This (multi-factor) cookie defines the end of “two-factor authenticated” status after a successful two-factor login and contains an encrypted access token. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. | 10 minutes | Essential |
| MFATInfo | MMG | This (multi-factor) cookie defines the end of “two-factor authenticated” status after a successful two-factor login. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. | 10 minutes | Essential |
| LTAT | MMG | This (long-term) cookie defines the end of “identified” status after login and contains an encrypted access token. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. | 30 days | Essential |
LTATInfo |
MMG |
This (long-term) cookie defines the end of “identified” status after login. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. |
30 days |
Essential |
DWM_XSITECODE |
Amadeus |
This cookie defines which settings (e.g. texts, rules) should be used for the flight award booking. |
Session |
Essential |
um_jst |
Amadeus |
This cookie is used for the technical security of the current session during the flight award booking. |
Session |
Essential |
| ak_wfSession | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 2 hours | Essential |
| ak_bmsc | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 2 hours | Essential |
| bm_sv | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 2 hours | Essential |
| bm_mi | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 2 hours | Essential |
| bm_sz | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 4 hours | Essential |
| _abck | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 1 year | Essential |
visitor |
Q.Two |
This cookie is used to track whether you have been redirected through miles-and-more.com to the online shopping partners. |
30 days |
Essential |
mamcom_consent_date |
MMG |
This cookie stores the date on which a user consented to the cookie. |
1 year |
Essential |
mamcom_consent_choice |
MMG |
This cookie stores the cookie selection made by the user. |
1 year |
Essential |
s_ecid |
Adobe Experience Cloud |
This cookie serves as a reference ID for identifying unique visitors if the AMCV cookie has expired.
|
2 years |
Essential |
AMCV_###@AdobeOrg Example: see (1) |
Adobe Experience Cloud |
This cookie is used to identify a unique visitor. |
2 years |
Essential |
| demdex | Adobe Experience Cloud | This cookie is used to identify a unique visitor on Miles & More websites. | 6 months | Essential |
s_cc |
Adobe Analytics |
This cookie is set to determine whether the browser permits cookies. |
Session |
Essential |
s_sq |
Adobe Analytics |
|
Session |
Essential |
s_vi |
Adobe Analytics |
|
2 years |
Essential |
s_vi_s |
Adobe Analytics |
This cookie is used to identify a unique visitor. |
1 hour |
Essential |
s_vi_* |
Adobe Analytics |
This cookie is used to identify a unique visitor. |
2 years |
Essential |
s_fid |
Adobe Analytics |
This cookie is used to identify a unique visitor if the standard s_vi cookie is unavailable due to third-party cookie restrictions. |
2 years |
Essential |
s_getNewRepeat |
Adobe Analytics |
This cookie is used to determine a new or returning visitor.
|
1 month |
Essential |
s_invisit |
Adobe Analytics |
This cookie is used to determine a new or returning visitor and the number of their visits. |
Session |
Essential |
s_ppv |
Adobe Analytics |
This cookie is used to store the previous page that the user visited to track the scrolling behaviour. |
Session |
Essential |
s_ppvl |
Adobe Analytics |
This cookie is used to store the previous page that the user visited to track the scrolling behaviour. |
Session |
Essential |
s_ppn |
Adobe Analytics |
This cookie is used to store the previous page that the user visited to track the scrolling behaviour. |
30 minutes |
Essential |
s_tp |
Adobe Analytics |
This cookie is used to store information about the percentage of the displayed page that the user has loaded. |
1 month |
Essential |
s_vnum |
Adobe Analytics |
This cookie is used to record the user’s number of visits. |
1 month |
Essential |
| mamcom_refresh_localstorage | MMG | This cookie launches an update of the available data in local storage following an update of the profile data. |
5 minutes | Essential |
| mamcom_{nonce} |
MMG | This cookie converts the value of the URL parameter “state” required during the authentication of the user and for back navigation on https://account.miles-and-more.com into a random alphanumerical figure. This allows for the pseudonymised processing of this value to authenticate the user through back-end systems. |
1 day | Essential |
| TUAT | MMG | This allows users to register for Travel ID during the booking process. The TUAT enables the data collected during the registration process to also be used for the booking process without requiring users to complete the registration process beforehand via the activation link. Users are not logged in only because of the TUAT cookie. The TUAT is valid for 10 minutes. After that, the TUAT cookie will no longer be able to retrieve data. |
10 minutes |
Essential |
| mamcom_alert | MMG | This cookie remembers whether the warning notification was actively closed by a user to no longer display the notification for as long as the cookie applies. |
7 days | Essential |
| mamcom_appdownload_visitor | MMG | This cookie is only placed on mobile devices and remembers whether the website has already been opened in the same browser in the past. | 1 year | Essential |
| mamcom_appdownload_banner | MMG | This cookie is only placed on mobile devices and remembers how often the app banner has been closed in the same browser to prevent unwanted display of the banner. | 1 year | Essential |
| Devicefingerprint | MMG | This cookie remembers the user’s trusted browsers for the purpose of two-factor authentication via the app, making it possible to log in on these browsers without an additional code from the authentication app. | 1 year | Essential |
mbox |
Adobe Target |
This cookie is used for A/B tests and for personalisation purposes. |
1 year |
Personalisation |
| {}{_}gcl_au |
Google (Google Campaign Manager, Display & Video 360, Google Ads, Search Ads 360) |
These third-party cookies are used to process your data to create target group lists to show you advertising online and on social media that corresponds to your interests. |
90 days |
Advertising |
| _gcl_aw |
Google (Google Ads) |
These third-party cookies are used to process your data to create target group lists to show you advertising online and on social media that corresponds to your interests. |
90 days |
Advertising |
| {}gcl_dc{_} |
Google (Google Campaign Manager, Display & Video 360, Search Ads 360) |
These third-party cookies are used to process your data to create target group lists to show you advertising online and on social media that corresponds to your interests. |
90 days |
Advertising |
| _hjSessionUser_{site_id} | Hotjar | This cookie ensures that data from later visitors to the website is allocated to the same user. | 1 year | Analytics & Statistics |
| _hjFirstSeen | Hotjar | This cookie identifies a new user’s first visit. | 30 minutes, extended depending on the user’s activity. | Analytics & Statistics |
| _hjHasCache dUserAttributes | Hotjar | This cookie checks whether the data in the local storage of the browser is still current or needs to be updated. | Session | Analytics & Statistics |
| _hjUserAttributesHash | Hotjar | This cookie checks whether the user properties are still current or need to be updated. | 2 minutes, extended every 30 seconds. |
Analytics & Statistics |
| _hjUserAttributes | Hotjar | This cookie stores user attributes in hash form. | Local storage. No explicit expiry date. |
Analytics & Statistics |
| _hjViewportId | Hotjar | This cookie stores details of the user’s viewport, such as the size and dimensions. | Session | Analytics & Statistics |
| _hjActiveViewportIds | Hotjar | This cookie stores which particular user viewports are active. | Local storage. No explicit expiry date. |
Analytics & Statistics |
| _hjSession_{site_id} | Hotjar | This cookie ensures that data from subsequent sessions is linked with one another. | 30 minutes, extended depending on user activity. | Analytics & Statistics |
| _hjSessionTooLarge | Hotjar | This cookie ensures that Hotjar terminates data recording if a session becomes too long/large. | 1 hour | Analytics & Statistics |
| _hjSessionResumed | Hotjar | This cookie ensures that sessions can be continued if the connection is interrupted. | Session | Analytics & Statistics |
| _hjCookieTest | Hotjar | This cookie checks whether Hotjar can use cookies or not. | Is deleted immediately after it is created. Below a duration of 100 ms the cookie expiry time is adjusted to the duration of the session |
Analytics & Statistics |
| _hjLocalStorageTest | Hotjar | This cookie checks whether Hotjar can use the local storage or not. | Below 100 ms duration | Analytics & Statistics |
| _hjSessionStorageTest | Hotjar | This cookie checks whether Hotjar can use the session storage. | The data stored in _hjSessionStorageTest does not have a duration of validity, but is deleted immediately after it is created. Below 100 ms duration. |
Analytics & Statistics |
| _hjIncludedIn PageviewSample | Hotjar | This cookie checks the users’ limit recorded in the measurement using the page accesses. | 2 minutes, extended every 30 seconds. | Analytics & Statistics |
| _hjIncludedIn SessionSample_{site_id} | Hotjar | This cookie checks the users’ limit recorded in the measurement using the maximum number of daily sessions. | 2 minutes, extended every 30 seconds. | Analytics & Statistics |
| _hjAbsoluteSessionInProgress | Hotjar | This cookie recognises the user’s first access of the site. | 30 minutes, extended depending on user activity. | Analytics & Statistics |
| _hjTLDTest | Hotjar | This cookie is used as a test cookie to ensure that Hotjar is functioning correctly. | Session | Analytics & Statistics |
| _hjRecordingEnabled | Hotjar | This cookie informs Hotjar that a session recording has been initialised. | Session | Analytics & Statistics |
| _hjRecordingLastActivity | Hotjar | This cookie shows Hotjar that data has been sent to the Hotjar server. | Session | Analytics & Statistics |
| _hjClosedSurveyInvites | Hotjar | This cookie lets Hotjar know that a user has reacted to a survey invitation so that the user is not invited again. | 1 year | Analytics & Statistics |
| _hjDonePolls | Hotjar | This cookie ensures that a survey is not displayed again if the user has already taken part. | 1 year | Analytics & Statistics |
| _hjMinimized Polls | Hotjar | This cookie ensures that a survey remains minimised for as long as the user is navigating through the website. | 1 year | Analytics & Statistics |
| _hjShownFeedbackMessage | Hotjar | This cookie ensures that a feedback report remains minimised for as long as the user is navigating through the website. | 1 day | Analytics & Statistics |
| visitor | Q.Two | This cookie is used to track whether you have been redirected through miles-and-more.com to the online shopping partners. | 30 days | Essential |
| cl_last | Q.Two | This cookie remembers the user’s last language/country setting. | 1 year | Essential |
| consent_choice | Q.Two | This cookie stores the cookie selection made by the user. | 1 year | Essential |
name: AMCV_2F4160D5561546F97F000101%40AdobeOr
2. Web beacons
Web beacons are small graphic files (also known as “tracking pixels”, “pixel tags” or “clear GIFs”) that can be embedded in our websites, apps, applications and newsletters, and are normally used in conjunction with cookies. All the information about cookies given above also applies to web beacons. Most notably, web beacons will not be used if you have rejected the use of the respective cookie.
3. Local storage
We use the function known as local storage. This means that your data (master data, status data and programme data) is stored locally in your browser’s cache once you have logged in. Your data is deleted after you have closed the browser window, except for your last chosen login method. This information is retained and can be retrieved the next time you access the website unless you delete your browser’s cache. By using local storage, we facilitate the correct display of your data when you are surfing our website without slowing the process unnecessarily or overloading the interfaces.
If you do not want local storage to be used, you can change your settings accordingly in your browser at any time. Please note that if you do so the functionalities of our website may be limited or no longer available. In particular, you will then not be able to access your personal profile.
Local storage
| Name | Description | Validity | Category |
|---|---|---|---|
ID |
Object ID |
Login session |
Essential |
Date of birth |
Date of birth |
Login session |
Essential |
Preferred language |
Preferred language in the user data |
Login session |
Essential |
Academic title |
Visitor’s academic title |
Login session |
Essential |
First name |
Visitor’s first name |
Login session | Essential |
Middle name |
All the visitor’s middle names |
Login session |
Essential |
Surname |
Visitor’s surname |
Login session |
Essential |
Gender |
Visitor’s gender |
Login session |
Essential |
Activity status |
Activity status |
Login session |
Essential |
Cardholder’s name |
Name stated on the service card |
Login session |
Essential |
Ticketholder’s name |
Name stated on the flight ticket |
Login session |
Essential |
Processing of personal data (PPD) |
Consent to the collection, storage and processing of personal data - Master data - Transaction data - Web tracking information - Status information |
Login session |
Essential |
Behaviour-based consent (BP) |
Consent to the collection and processing of personal data by the Lufthansa Group for commercial purposes |
Login session |
Essential |
Customer number |
Visitor’s customer number |
Login session |
Essential |
LHCOM alias (user ID and password authentication) |
The alias set up by the visitor at registration using the user ID and password |
Login session |
Essential |
LH-ID alias (email address and password authentication) |
The alias set up at registration via Lufthansa with the LH-ID |
Login session |
Essential |
Service card number FTL |
Card number for FTL status |
Login session |
Essential |
Service card number INST |
Card number for INST status |
Login session |
Essential |
Service card number SEN |
Card number for SEN status |
Login session |
Essential |
Service card number HON |
Card number for HON status |
Login session |
Essential |
Branding |
Branding in accordance with the brand logic |
Login session |
Essential |
Registration date |
Visitor’s registration date |
Login session |
Essential |
Member’s status level |
Visitor’s status level |
Login session |
Essential |
Status basis |
Basis for the visitor’s status |
Login session |
Essential |
Source code of registration |
Source code of registration used by the member for registration |
Login session |
Essential |
Primary card number (service card number and PIN authentication) |
Value of the primaryCardNumber key in the membership data |
Login session |
Essential |
Membership status |
Visitor’s membership status |
Login session |
Essential |
poolOption |
Option for Mileage Pooling for the user |
Login session |
Essential |
Award miles |
Account balance of award miles
|
Login session |
Essential |
eVouchers |
Remaining value of the eVouchers |
Login session | Essential |
Status miles |
Account balance of status miles |
Login session |
Essential |
HON Circle miles |
Account balance of HON Circle miles |
Login session |
Essential |
Flight segments |
Account balance of flight segments |
Login session |
Essential |
Select miles |
Account balance of select miles |
Login session |
Essential |
The number of status miles still required to maintain status |
The number of status miles still required to maintain status |
Login session |
Essential |
The number of flight segments still required to maintain status |
The number of flight segments still required to maintain status |
Login session |
Essential |
The number of status miles still required to achieve a higher status |
The number of status miles still required to achieve a higher status |
Login session |
Essential |
The number of flight segments still required to achieve a higher status |
The number of flight segments still required to achieve a higher status |
Login session |
Essential |
Fraud risk |
The fraud risk checked at the time of flight award booking |
Login session |
Essential |
Recruiting partner |
The partner recruiting the visitor |
Login session |
Essential |
Registration partner |
Visitor’s registration partner |
Login session |
Essential |
Partner for further access |
Visitor’s partner for further access |
Login session |
Essential |
Expiry date of current status |
Date on which the current status expires |
Login session |
Essential |
Expected date for new Status Star |
The data on which the next Status Star is expected based on the Status Star Points rate (extrapolation) |
Login session |
Essential |
Object ID for contact point |
Contact point object ID |
Login session |
Essential |
Contact point usage |
Usage of a contact point (only PRIVATE in future) |
Login session |
Essential |
Channel of the contact point |
Information about the channel of the contact point - Primary mobile phone number - Landline number - Fax number - Postal address - Email address |
Login session |
Essential |
Confirmation date |
Date on which the contact point was last confirmed |
Login session |
Essential |
Region/Federal state |
Region/Federal state of an address with the channel POST |
Login session |
Essential |
Country |
Country of an address with the channel POST Country of residence of a visitor at “standard”: true |
Login session |
Essential |
City |
City of an address with the channel POST |
Login session |
Essential |
Street |
Street of an address with the channel POST |
Login session |
Essential |
addAddressLine |
Additional information of an address with the channel POST |
Login session |
Essential |
PO box |
PO box number of an address with the channel POST |
Login session |
Essential |
Building |
Building information of an address with the channel POST |
Login session |
Essential |
Company name |
Company name of an address with the channel POST |
Login session |
Essential |
Postcode |
Postcode of an address with the channel POST |
Login session |
Essential |
PO box address |
PO box indicator if the street or PO box of an address with the channel POST was specified |
Login session |
Essential |
Invalid address |
Indicator of a contact point that indicates whether the contact point is still valid |
Login session |
Essential |
Standard |
Indicator that indicates whether the contact point is the primary contact point - Primary email address - Primary mobile phone number - Primary postal address |
Login session |
Essential |
Email address |
Email address of a contact point with the channel EMAIL |
Login session | Essential |
International dialling code |
The international dialling code of a contact point with the channel - MOBILE - TELEPHONE - FAX |
Login session |
Essential |
Area code |
The area code of a contact point with the channel - MOBILE - TELEPHONE - FAX |
Login session |
Essential |
Number |
The number of a contact point with the channel - MOBILE - TELEPHONE - FAX |
Login session |
Essential |
Preferred departure airport |
Preferred departure airport |
Login session |
Essential |
Preferences for mobile boarding pass |
The preferred option for a mobile boarding pass |
Login session | Essential |
Subprogrammes |
All active and inactive subprogrammes of a visitor |
Login session |
Essential |
Subscriptions |
All the visitor’s subscriptions |
Login session |
Essential |
Consents |
All consents given by the visitor |
Login session |
Essential |
One-off consents |
All one-off consents given by the visitor |
Login session |
Essential |
Expiry of award miles |
Information about the expiry of award miles |
Login session |
Essential |
Expiry of eVouchers |
Information about the expiry of eVouchers |
Login session |
Essential |
Re-qualification marking |
Re-qualification marking |
Login session |
Essential |
Remaining miles |
The number of remaining miles required for AC enquiries |
Login session |
Essential |
Tool pages |
The data stored to make the country and language-based functions of the last used tools available |
Login session |
Essential |
Benefit code |
The code that identifies the benefit |
Login session |
Essential |
Form of utilisation of a benefit |
Type of benefit: - OUTBOUND FLIGHT - INCENTIVE IN PROGRAMME CURRENCY - CURRENCY EXCHANGE - PARTNER CARD - PERSONAL |
Login session |
Essential |
Benefit status |
Status of the benefit: - OPTIONAL - SELECTED - EXPECTED
|
Login session |
Essential |
Benefit threshold |
Threshold above which the benefit changes from the status EXPECTED to the status OPTIONAL if not yet SELECTED
|
Login session |
Essential |
Expiry date of the benefit |
Expiry date of the benefit with the status OPTIONAL
|
Login session |
Essential |
Maximum conversion value of the benefit |
Maximum conversion value of a benefit of the type CURRENCY EXCHANGE
|
Login session |
Essential |
Date of benefit selection |
The date on which the visitor selected the benefit
|
Login session | Essential |
Ratio of the benefit for mileage exchange |
The possible conversion ratio of a benefit of the type CURRENCY EXCHANGE |
Login session |
Essential |
Updating intervals |
Time stamp of the last update of locally stored data |
Login session |
Essential |
Inbox information |
Information about documents stored in the inbox: date, quantity, number, ID, subject, content, expiry date, read/unread, origin |
Login session |
Essential |
Authentication: CSRF_TOKEN |
Every action that changes a status requires this secure random token to prevent CSRF attacks. |
Login session |
Essential |
Authentication: KEY_CUSTOMER_ID |
Is sent back by the authentication call and stored for further API calls. |
Login session | Essential |
Authentication: KEY_LOGIN_TYPE |
Stores the last used form of login. |
Continuing |
Essential |
mamcomreferrer |
Required to store the original past context before a change to the country and/or language. |
Login session |
Essential |
mamcombacklinkisfallbackpage |
Required to store if the current country and/or language selection reverts to the fallback page. |
Login session | Essential |
Time stamp of the authorisation layer |
Stores the date on which the layer of an authorisation migration or authorisation maximisation was displayed to a visitor. |
Login session |
Essential |
Session storage
Name |
Description |
Validity |
Category |
|---|---|---|---|
Response data for retroactive credit request |
Covers the status and amount of the retroactive credit request and is required to display the response on the thank-you page for the retroactive credit request. |
Session |
Essential |
Process number |
The thank-you page for the retroactive credit request requires that the parameter for the session storage “requid” displays the process number. |
Session |
Essential |
4. Legal bases
The legal basis for the use of operationally necessary cookies is Art. 6(1)(1)(b) GDPR (performance of the contract and steps prior to entering into a contract); the legal basis for the use of cookies for analysis or marketing purposes and for the use of web beacons and local storage is Art. 6(1)(1)(f) GDPR (legitimate interest). For web beacons, with cookies for statistical and personalisation purposes, the company’s interest lies in the ongoing development and relevance of the website and programme. For the use of local storage, the company’s interest lies in speeding up processes and preventing system overload.