Lufthansa LEOS GmbH for https://www.lufthansa-leos.com/
We, Lufthansa LEOS GmbH, Lufthansa Basis, 60546 Frankfurt/Main, Germany, (hereinafter also referred to as "we" or "us"), hereby provide you with information on the processing of your personal data collected as part of your use of our website https://www.lufthansa-com.com/ ("website").
If you have further questions on the subject of data protection in connection with our website or the services offered on it, please contact our data protection officer:
Lufthansa data protection officer
Dr. Barbara Kirchberg-Lennartz
Deutsche Lufthansa AG
2. Scope and purpose of and legal basis for the processing of personal data
We collect and use personal data directly from our users or from other sources (see below) in the following situations:
2.1. Provision of the website and creation of log files
Whenever users visit our website, our system automatically records data and information from the computer system used to call our website. The following data ("technical information") is collected in the process:
• Information on the type of browser used and its version
• The user's operating system
• The user's Internet service provider
• The user's IP address
• The date and time of access
• Websites from which the user's system accesses our website
• Websites that the user's system calls from our website
The log files contain IP addresses or other data that may, in some cases, enable them to be associated to a user. That may be the case, for example, if personal data is contained in the link to the website from which the user enters our website, or the link to the website to which the user switches.
The data is likewise stored in our system's log files. This data is not stored together with other personal data of the user.
We collect and use this technical information for purposes of (network) security (such as to combat cyberattacks), marketing, and to be able to better understand our users' needs, as well as to continuously improve our website and to enable us to deliver the website to the user's computer system.
The data is stored in log files in order to ensure that the website functions properly. This data also helps us optimize the website and ensure the security of our IT systems. It is not analyzed for marketing purposes in this connection.
The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the EU General Data Protection Regulation (GDPR).
2.1.2. Tracking tool
We use the following tracking tool on our website:
The legal basis for using it is our legitimate interests in accordance with Article 6(1)(f) of the GDPR for the purpose of enhancing the efficiency of our website and (direct) marketing.
You can find more information on eTracker in section 8 "Tracking tool: eTracker."
2.2. Use of the services offered on our website
We offer a number of services on our website. To provide those services, we must collect and process personal data from the user or our customers.
2.2.1. Contact forms
You can address inquiries to us and get in touch with a specific contact person using various contact forms. To do this, you must provide your contact information. You will find the following contact forms on our website:
• General Lufthansa Lufthansa LEOS contact form
• Sales contact form
• Press contact form
2.2.2. Customer contact data
Contact data which a sales employee at Lufthansa LEOS receives from the employees of our potential or actual customers for the purpose of business communication is recorded in our shared CRM system and is thus also available to other companies in the Lufthansa Technik Group for that purpose.
188.8.131.52 Integrated system calls
After you log in, several applications that are available via the portal can be called up directly (single sign-on). Lufthansa LEOS uses these applications to provide its customers with valuable information and evaluations with respect to purchased services. If an application is called up, session cookies, the user ID and the customer organization of the user who has logged in are transferred to that application. This process supports the provision of the work focus in order to deliver the most direct access to relevant information possible.
184.108.40.206 Authorization statistics
We provide selected users (called key users) with reports in order to enable regular audits of existing user IDs and the associated system authorizations by our customers. These reports include:
• User ID
• Telephone number
• Fax number
• Customer organization
• System authorizations
2.2.3 Statistical analyses
It cannot be ruled out that your data will be analyzed in a data warehouse so that our users' preferences can be evaluated ("statistical analyses"), to enable marketing oriented to users' interests, personalized user address and the continuous optimization of our business processes. We process the data in this way to gain a better understanding of what our customers expect from us and to be able to offer them personal communication tailored to their needs. These analyses also help us in fraud detection, auditing, and ensuring security, i.e. we process the data to safeguard our legitimate interests in accordance with Article 6(1)(f) of the GDPR.
2.3. Our legitimate interests in processing personal data
Where Article 6(1)(f) of the GDPR is the legal basis for processing, our legitimate interests – apart from the purposes stated above – are:
• Protecting the company against material or non-material damage
• Making our products and services more professional
• Optimizing (controlling and minimizing) costs
2.4. Other processing obligations
Where we are obligated by law, we process personal data to comply with retention obligations under commercial law or to meet statutory requirements relating to security (such as those pursuant to Section 7 of the German Aviation Security Act (LuftSiG)). You can find more information on retention periods in the section "Duration of data processing" below.
3. Duration of data processing
Your personal data is erased as soon as it is no longer required for the specified purposes. It may be the case that personal data is retained for the period of time in which claims may be asserted against Lufthansa LEOS GmbH. In addition, personal data is stored if and for as long as Lufthansa LEOS GmbH is obligated by law to do so. Such documentation and retention obligations are stipulated by the German Commercial Code (HGB), the German Fiscal Code (AO) and the German Money Laundering Act (GwG), among others. Under this legislation, storage may be required for up to ten years.
4. Right to object in accordance with Article 21 of the GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
5. Disclosure of personal data to third party
We may be required to forward your personal data to third parties within or outside the Lufthansa Group in order to be able to offer you our products and services on the basis of our contractual obligations or our legitimate interests. These recipients can be categorized as follows:
• Service providers
• Transportation and logistics
• Government bodies and authorities
• Members of the Lufthansa Technik Group
In the process, personal data may be transferred to third countries or international organizations. In order to protect you and your personal data, there are suitable safeguards in such cases as stipulated by and in compliance with statutory requirements (in particular the use of EU standard contractual clauses) or there is an adequacy decision adopted by the EU Commission (Article 45 of the GDPR).
You can find information on EU standard contractual clauses at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF. The EU Commission provides information on its adequacy decisions at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu.
We are also obligated by law to provide personal data to German and international authorities (Article 6 (1) point (c) of the GDPR in conjunction with local and international regulations and agreements.
6. Rights of data subjects
Lufthansa LEOS GmbH is committed to the fair and transparent processing of data. We therefore believe it to be important that data subjects not only have the right to object, but can also exercise the following rights if the relevant legal requirements are fulfilled:
• Right to access personal data and obtain information (Article 15 of the GDPR)
• Right to rectification (Article 16 of the GDPR)
• Right to erasure ("right to be forgotten") (Article 17 of the GDPR)
• Right to restriction of processing (Article 18 of the GDPR)
• Right to data portability (Article 20 of the GDPR)
You can contact email@example.com by e-mail to exercise your rights. To handle your request and for the purpose of identification, we note that we will process your personal data in accordance with Article 6(1)(c) of the GDPR.
You also have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for Lufthansa LEOS GmbH is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Phone: +49 611 1408 - 0
Fax: +49 611 1408 – 611
If you have given us your consent to process your personal data, we note here that you can revoke this consent at any time.
You can contact firstname.lastname@example.org in all other cases or if you have problems revoking your consent on this website.
Please note that any revocation of your consent is valid only with future effect and does not have an impact on the lawfulness of past processing of your data. In some cases we have the right despite the revocation of your consent to continue processing your personal data on another legal basis, such as to fulfill a contract.
8. Tracking tool: eTracker
We use eTracker as a tracking tool. Its functions are explained in the following paragraphs.
eTracker stores data on visitors, IP addresses and the device and domain data of visitors. This data is stored in truncated form or encrypted so that it is not possible to identify the individual user from it.
The collected data is administered in a data center located in Hamburg, Germany using the highly secure, high-quality and highly available data center infrastructure of IPHH Internet Port Hamburg GmbH, which is certified as complying with ISO/IEC 27001:2013.
eTracker gives us insights into the following data:
• When the website was accessed (month, year, week, day, time of day)
• What devices were used to access the website and what browser and operating system those devices use
• What individual pages of the website are visited
• Visitors' regions and languages
• Visitors' click behavior: Click paths, click frequency
• Dwell times on the individual pages of the website
• Most-clicked pages on the website
• Where the website was accessed from (referrer)
• How often the website or its individual pages were called
• Whether and how visitors return to the website or its individual pages
You can obtain more information on this tracking tool at https://www.etracker.com/
9. LEOS Instandhaltung: Datenschutz-Information gemäß Art. 13 und 14 DSGVO
In Befolgung der EU-DSGVO kommen wir an dieser Stelle unserer Informationspflicht entsprechend dem Art. 14 und 14 Abs.1 a-e sowie Abs.2 a-e nach.
(1-a) Name der verantwortlichen Stelle:
Lufthansa Engineering and Operational Services GmbH
Anschrift der verantwortlichen Stelle:
Lufthansa Engineering and Operational Services GmbH
(1-b) Datenschutzbeauftragte der Deutschen Lufthansa:
Dr. Barbara Kirchberg-Lennartz, FRA DSB
(1-c) Zweckbestimmung der Datenerhebung, -verarbeitung oder -nutzung:
Gegenstand der Geschäftstätigkeit des Unternehmens an den Standorten DUS, FRA und MUC ist die Durchführung von Instandhaltungen für eigene und externe Geräte und Fahrzeuge aus dem Bereich Bodendienstleistungen.
Wir erheben und verarbeiten Ihre Daten zu folgenden Zwecken:
• Auftragserstellung und -zuordnung
• Kontaktaufnahme bei Rückfragen
(1-d) Kategorien personenbezogener Daten, die verarbeitet werden:
Zu den oben genannten Zwecken ist es erforderlich, dass wir folgende Daten von Ihnen erheben und verarbeiten:
Vorname, Name, Abteilungsbezeichnung, Adresse, Telefon, Telefax, E-Mail.
(1-e) Empfänger Ihrer personenbezogenen Daten:
Ihre Daten werden von den Mitarbeitern der Werkstatt und der Buchhaltung Lufthansa Engineering and Operational Services entgegengenommen und bearbeitet.
(2-a) Die Lufthansa Engineering and Operational Services ist gemäß §238 Abs. 1 HGB dazu berechtigt, ihre Daten bis zu 10 Jahren nach Beendigung der Beziehung aufzubewahren.
(2-b) Die Verarbeitung Ihrer Daten zur Zuordnung der Aufträge und Rechnungserstellung erforderlich.
(2-c) Sie haben das Recht auf Auskunft über die Verwendung und Verarbeitung Ihrer Daten (Art 15 DSGVO). Sie haben das Recht auf Berichtigung Ihrer Daten (Art 16 DSGVO). Sie haben das Recht, auf Übertragung Ihrer Daten in einem maschinenlesbaren Format zu Ihrer freien Verwendung (Art 20 DSGVO). Sie haben das Recht auf Löschung Ihrer Daten, sofern die erhobenen Daten nicht für oben in (1-c) aufgeführten Zwecke notwendig sind. Sie haben das Recht, die Einschränkung der Verarbeitung Ihrer Daten zu verlangen (Art 18 DSGVO). Sie haben das Recht, von Ihrem Widerspruchsrecht bezüglich der Verarbeitung Ihrer Daten Gebrauch zu machen (Art 21 DSGVO). Dies hätte zur Folge, dass Ihr Auftrag nicht angenommen werden kann.
(2-e) Sie haben das Recht auf Beschwerde bei einer Aufsichtsbehörde.
(2-f) Sie haben das Recht auf Auskunft, aus welcher Quelle ihre personenbezogenen Daten stammen.
Last modified: 27 September 2018