Data protection

This is the data protection information for the website of Lufthansa Industry Solutions, which is operated by Lufthansa Industry Solutions GmbH & Co. KG (Schützenwall 1, 22844 Norderstedt, Germany).

Overview of the following topics

Information on data protection

The following information on data protection is applicable with effect from May 25, 2018 and reflects the increased transparency requirements under the EU General Data Protection Regulation.

Who is the data controller?

We, Lufthansa Industry Solutions GmbH & Co. KG, Schützenwall 1, D-22844 Norderstedt, Germany, (below also “LHIND”, “we”, “us”), inform you below about processing your personal data that is either collected directly from you (e.g., when you sign a contract with us) or while you are using our website https://www.lufthansa-industry-solutions.com (“website”), or is collected by third parties and/or other sources.

Each reference to LHIND below also refers to the following LHIND companies: Lufthansa Industry Solutions AS, Lufthansa Industry Solutions BS and Lufthansa Industry Solutions TIA.

Whom can I approach?

If you have any questions on data protection in connection with our website or the services offered by LHIND, feel free to contact us:

Data protection officer

Our group data protection officer for the Lufthansa Group can be reached as follows:
E-Mail: datenschutz@dlh.de

Data controller

Requests for information can be addressed to:
Lufthansa Industry Solution GmbH & Co. KG
Data access
Schützenwall 1
D-22844 Norderstedt
Germany

or by e-mail to:
dataaccess@lhind.dlh.de

Communications by e-mail are not encrypted.

For what purposes do we process your data (purpose of processing) and on what legal basis?

We process personal data in keeping with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (DPA).

We process personal data to comply with our contractual obligations under (b) of Article 6 (1) GDPR. In particular, this includes:

  • event registrations and event management

We also process your data to safeguard our legitimate interests under (f) of Article 6 (1) GDPR:

  • to guarantee IT security and IT operations on the website
  • to optimize specific Internet offerings,
  • to prevent fraud, defend against denial of service attacks and the use of bots

We process your data based on your consent under (a) of Article 6 (1) GDPR for specific purposes, especially:

  • for contacting you
  • for sending you news or information with regular offers from Lufthansa Industry Solutions
  • for regular mailing of the LHIND newsletter
  • for invitations to events
  • for market research and customer surveys
  • to personalize/individualize the offering adapted to the specific users
  • for analytical purposes in order to optimize our offering for you.

Consent can be withdrawn at any time. This also applies to the withdrawal of informed consent forms that were filed with us before the GDPR came into effect, namely before May 25, 2018. A withdrawal of consent has prospective effect only and does not affect the lawfulness of the data processing until the date of withdrawal.

What personal data are you obligated to provide?

For statutorily prescribed or contractual requirements, we have marked the input fields in the input forms on our website that are mandatory in order to enable us to enter into a contract with you or provide you the required service. If the required data is not provided, the contract cannot be signed or the service cannot be provided.

How long is your data stored?

Your personal data is deleted once it is no longer required for the purposes specified. We may possibly need to store your data until the duties and periods of preservation prescribed by the legislature or supervisory authorities arising out of the German Commercial Code (HGB = Handelsgesetzbuch), the Fiscal Code (AO = Abgabenordnung) or the German Money Laundering Act (GWG = Geldwäschegesetz) lapse or expire; these are generally 6 to 10 years. In addition, we may preserve your data until the expiry of the statutory period of limitation (generally 3 years, but could also extend to 30 years in specific instances) if required to enforce, prosecute or defend legal claims. The data is routinely deleted thereafter.

Storage duration of

  • Contact data from contact requests or arranged appointments for 12 months
  • Contact data from event (free of charge and paid) until completion of event,
  • Contact data from training requests and sweepstakes for 12 months
  • Contact data from events (free of charge and in return for payment), training requests and competitions – 36 months
  • Contact data that was provided when consenting to receive marketing materials until withdrawal or if there is no activity (email, appointment, phone call, task, website activity) within two years. When contact data is deleted, activity data (email, appointment, phone call, task, website activity) is also deleted.
  • Log files for 90 days

Furthermore

  • in case of invoicing and/or prize awards for 10 years

Who receives your data?

During the data processing listed above and in the context of each applicable legal basis (contract fulfillment, legitimate interests, consent or regulatory processing duties), your data may be forwarded to the following categories of recipients:

  • Service providers for e-mailing and postal mailing, as well as sales activities, e.g., mailing of news and information, invitation to events, personalized offerings and newsletters
  • Other service providers, e.g., for delivering the website

Here, personal data may be transmitted to third countries or international organizations. For your protection and the protection of your personal data, appropriate security precautions are taken for such data transmissions according to the provisions of statutory requirements and in conformance with these requirements.

If these transmissions do not have a legal basis or are sent to a country for which the EU Commission has not issued an adequacy decision, we use standard EU contract clauses.

Information about standard EU contract clauses is available on the website for the Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries.

Link to the European Union Gazette: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087

How can you withdraw consent?

If you have given us consent to process your personal data, please note that you can withdraw your consent at any time.

Consent for cookies that you set in our consent management tool can be edited and withdrawn at any time in the same tool. If the cookie banner is no longer displayed, you will always find a small circle that includes a sign and check mark on the bottom left edge of the screen – as long as you are on our website. When you click that symbol, our Consent Management Tool opens for your changes.

If you have given us consent on this website and wish to withdraw your consent for data processing, please contact marketing.sales@lhind.dlh.de. Furthermore, in marketing and personalized e-mails and in newsletters that are sent by LHIND, you are offered the option via an opt-out link or you click here . Here you can specify the withdrawal that you want to issue. You have the following withdrawal options:

  • Unsubscribe only from newsletter,
  • Unsubscribe from invitations for events,
  • Unsubscribe from e-mails about studies and whitepapers
  • Withdraw consent for marketing materials
  • Withdraw consent for data processing

In all other cases, or if you have problems withdrawing your consent on this web page, you can contact marketing.sales@lhind.dlh.de.

Please note that a withdrawal of consent has prospective effect only and does not affect the lawfulness of any processing performed in the past. In some cases, we are entitled to continue to process your personal data in spite of your withdrawal on some other legal basis - such as to satisfy a contract.

Information on your right to object under Article 21 GDPR

You have the right, for reasons dictated by your own circumstances, to file an objection at any time against the processing of your personal data under (e) or (f) of Article 6 (1) GDPR.

The controller will stop further processing of your personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves to establish, exercise or defend legal claims.

If your personal data is processed for purposes of direct advertising, you have the right to object at any time to your personal data being processed for such advertising.

If you object to your data being processed for direct advertising, your personal data will no longer be processed for such purposes.

You may exercise your right to object by automated means using technical specifications in the context of the use of information society services – notwithstanding Directive 2002/58/EC.

What data do we process?

Hosting and Logfile(-analysis)

When a user visits our website, our system collects data and information from the user’s computer during each visit using automated means. This data is stored in our system logfile. The data is forwarded to and processed by our hosting provider for website delivery. The data is not stored along with the user’s other personal data. We collect and use this technical information for purposes of (network) security (in order to fight cyber attacks, for instance) and to facilitate delivery of the website to the user’s system.

The legal basis for the temporary storage of data and log files is our legitimate interest under (f) of Article 6 (1) GDPR.

The following data (“technical information”) is collected:

  1. Information about the type and version of browser used
  2. The user’s operating system
  3. Device information (type, model, resolution)
  4. The IP address of the user
  5. Date and time of access
  6. Websites from which the user accesses our website
  7. Websites accessed by the user through our website

Statistical website usage analysis

When you visit our website, we record pseudonymous statistical usage data (e.g., how often pages are accessed) by using cookies.

The legal basis for processing is your consent under (a) of Article 6 (1) GDPR or our legitimate interest under (f) of Article 6 (1) GDPR.

The following data (“technical information”) may be collected here:

  1. Information about the type and version of browser used
  2. The user’s operating system
  3. Device information (type, model, resolution)
  4. The user’s anonymized IP address
  5. Date and time of access
  6. Websites from which the user accesses our website
  7. Websites accessed by the user through our website

Use of cookies

Our website uses cookies. Cookies are text files that are stored within the Internet browser or by the Internet browser on the user's computer. When a user visits a website, a cookie may be stored within the user’s operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is accessed again. User-related information that is saved in the cookies can be re-used when the site is accessed again. This allows settings that were specified during previous website visits to be available also during the next visit.

Cookies are stored on the user's computer and transmitted to our website. As a user, therefore, you have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing settings in your Internet browser. Cookies saved previously can be deleted at any time. This can also happen automatically. If cookies are disabled for our website, it is possible that not all features on the website will be fully usable.

You can find more information about our cookies, the purposes for which they are used and their legal basis/bases in the overview below or in our cookie policy.

Matomo web analysis tool

LHIND uses the Matomo web analysis tool (cookieless) to optimize our offering. Information about your use of our Internet offering, which is generated without a cookie, is stored on our server in Germany. To prevent drawing any conclusions about your person, LHIND uses the function “Activate IP anonymization” on this website.

Receipt of our news and information

You can consent to the sending of current information and interesting news or marketing materials (e.g., about studies and whitepapers or invitations to events) from LHIND by providing your contact details on our website.

The legal basis for processing is your consent under (a) of Article 6 (1) GDPR.

When you give consent, the following data from the input form is sent to us and processed:

  • Email address
  • Salutation
  • Title
  • First name
  • Last name

If necessary, the following data (if queried) can additionally be sent and processed:

  • Company Name
  • Phone number

In addition, the following necessary technical information is sent and processed:

  • Date and time of registration
  • Technical information (websites from which the user’s system accesses our website)
  • Download/contact form type
  • Status of consent for marketing materials

Your consent for processing data is obtained during the registration process, at which time this data privacy statement is brought to the user’s attention.

This data is stored in our system. The data is transmitted and processed in the context of contacting and sending current information and interesting news to our mailing and dispatch providers as well as providers for sales activities.

We process the data you provide above in connection with news, information or marketing materials in order to communicate with you and keep you informed about interesting topics from the world of LHIND. We also process and use the e-mail address you entered to deliver personalized offerings in connection with the news, information or marketing materials.

We use Microsoft Dynamics 365 to send personalized e-mails.
To personalize the communication and offer content that is of interest to you, we analyze your user behavior in each e-mail by using cookies and similar technologies. This analysis includes, for example, the pages accessed, clicks and reading time.

Personalization of the e-mails is based on analyzing the following data:

  • Your interaction with the e-mails
  • Your master data, which you provide to us voluntarily

The following data is processed by the Microsoft Dynamics 365 delivery tool for marketing, optimization and statutory purposes:

  • Delivery of the e-mail
  • Opening of the e-mail
  • Time of opening and time of clicks
  • End-user device used for opening and clicking
  • Click behavior in the e-mail
  • Your IP address

Receipt of our newsletter

You have the option to subscribe to our newsletter free of charge. Users who consent to our sending of current information and interesting news or marketing materials receive the newsletter free of charge. Your consent for processing data is obtained during the registration process. The legal basis for processing is your consent under (a) of Article 6 (1) GDPR.

When you consent, the following personal data is sent to us and processed:

  • Email address
  • Salutation
  • First name
  • Last name

as well as additionally the following necessary technical information

  • Date and time of registration
  • Technical information (websites from which the user’s system accesses our website)
  • Status of consent for marketing materials

If you consented during a registration process, the following data entered in the input form may be sent and processed:

  • Title
  • Company Name
  • Telephone number
  • Download/contact form type
  • Personal message

Your consent for processing data is obtained during the registration process, at which time this data privacy statement is brought to the user’s attention. Based on your consent, the newsletter is sent to the e-mail address you entered. The newsletter provides you with information about topics concerning Lufthansa Industry Solutions. We use Microsoft Dynamics 365 to send the e-mail newsletter.

To continuously improve the newsletter and communication, we analyze your usage behavior in each e-mail using cookies and similar technologies. This analysis includes, for example, the pages accessed, clicks and reading time.

Personalization of the e-mails is based on analyzing the following data:

  • Your interaction with the e-mails
  • Your master data, which you provide to us voluntarily

The following data is processed by the Microsoft Dynamics 365 delivery tool for marketing, optimization and statutory purposes:

  • Delivery of the e-mail
  • Opening of the e-mail
  • Time of opening and time of clicks
  • End-user device used for opening and clicking
  • Click behavior in the e-mail • Your IP address

Links to Lufthansa Industry Solutions offerings on social networks

The links that LHIND provides to our offerings on social networks, such as our Facebook page, are simple links to the pages of other providers. We do not transmit any personal information to these providers over such links. However, you should be aware that in principle, online offerings by third parties may be able to detect the origin of a visit at a minimum. We have no control over data processing by third parties; consequently, the LHIND data privacy statement does not extend to third party websites.

Features for sharing and recommending Lufthansa Industry Solutions content (such as “Share” and “Like” buttons)

At various places in our online offering, you can share and recommend your content on social networks. This offers a convenient alternative to copying and sending links.

When you use the recommendation features on our web pages, we forward the URL to the social network specified by you. Some networks then immediately add an excerpt of our content to the link. With most social networks, you are asked to provide confirmation before data is saved or forwarded.

Please note that we at LHIND have no knowledge of or control over how social networks act on the information provided by you and whether this information is shared with other websites. We recommend you read the data protection instructions carefully in each case.

In principle, we provide plug-ins on our website in pursuance of our legitimate interests for marketing purposes under (f) of Article 6 (1) GDPR.

What data protection rights do you have?

LHIND considers it important to make the procedures for processing data fair and transparent. We therefore firmly believe that affected persons should be able to exercise the following rights in addition to the right of objection, provided the statutory prerequisites in each case are met:

  • Right of access, Article 15 GDPR
  • Right to rectification, Article 16 GDPR
  • Right to erasure (“Right to be forgotten”), Article 17 GDPR
  • Right to restriction of processing, Article 18 GDPR
  • Right to data portability, Article 20 GDPR
  • Right to object, Article 21 GDPR

To exercise these rights, you can contact us by email at dataaccess@lhind.dlh.de.

We will need the following information for identification purposes:

  • Name
  • Postal address
  • E-mail address and optionally: customer number

If you send us a copy of your identity card, please blank out everything except the last name, first name and address.

Please note that in order to handle your request as well as for identification purposes, we will process your personal data in accordance with (c) of Article 6 (1) GDPR.

In addition, you have the right to lodge a complaint with a supervisory authority under Article 77 GDPR read with Article 19 DPA. The supervisory authority competent for Lufthansa Industry Solutions is

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein [Independent State Center for Data Protection, Schleswig-Holstein]
P.O. Box 71 16
24171 Kiel, Germany

Holstenstrasse 98
24103 Kiel, Germany

Telephone: +49 4 31/988-12 00
Fax: +49 4 31/988-12 23
E-mail: mail@datenschutzzentrum.de

Disclaimer and limits of these data protection instructions

These data protection instructions address only processing on this website. Other websites are not covered by these data protection instructions; these provide their own specific data protection instructions.

 

Ombudsman:

The ombudsman is a freelance attorney who is not a Lufthansa Group employee. As a neutral, independent contact point, he receives hints by telephone or in writing and forwards these only in anonymous form to the Corporate Compliance Office for further processing – provided the person who offered the hint wants such forwarding. Here, the identity of the person providing the tip is protected both by attorney-client privilege and by the ombudsman’s right to refuse to give evidence. Lufthansa Group furthermore contractually waived the surrender of attorney documents; thus, it only learns the name of the person providing the hint, if he/she explicitly permitted the release of this information.

Contact details: https://investor-relations.lufthansagroup.com/en/corporate-governance/compliance/whistleblowing-system/ombudsman.html