Privacy Statement
We take the protection of your personal data seriously and would like you to feel at ease and secure when visiting our business customer portal and its associated website. Protecting your privacy during processing is an important concern for us, which we take into account in all our business processes and is carried out in accordance with the statutory provisions.
1. Responsible party
We, DEUTSCHE LUFTHANSA AG (Deutsche Lufthansa AG, Lufthansa Aviation Center, Airportring, 60546 Frankfurt am Main) (hereinafter also referred to as "Lufthansa," "we," "us"), hereby inform you as follows regarding the processing of your personal data while using our website: business.lufthansagroup.com (hereinafter also referred to as "website").
2. Contact for data protection topics
If you have any further questions about data protection in connection with our website or any of the services it offers, please contact our data protection officer:
Group data protection officer of the Lufthansa Group
Deutsche Lufthansa AG
E-mail: datenschutz@dlh.de
Please send a request for information to:
Deutsche Lufthansa AG
Data information
FRA CJ/D
60546 Frankfurt
If you contact us by e-mail, our communication will be unencrypted.
3. Scope, purpose and legal basis of personal data processing
Provision of website and creation of log files
When users visit our website, our system automatically collects data and information from the computer system of the accessing computer each time they visit our website. The following data ("technical information") is collected:
- Information about the browser type and the version used
- The operating system of the user
- The Internet service provider of the user
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites accessed by the user's system through our website
- Amount of data transferred in each case
The data is stored in the log files of our system. This data will not be stored together with other personal data of the user.
We collect and use this technical information both for (network) security purposes (e.g. to combat cyber attacks) and to better understand the needs of our users as well as to continuously improve our website and enable its delivery to the user's computer.
The data is stored in log files in order to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our information technology systems. The data will not be analyzed for marketing purposes in this context.
The legal basis for the temporary storage of data and log files is Art. 6 (1) point (f) GDPR on the basis of the aforementioned legitimate interests. The data will be deleted after 24 months.
Overview of the data stored in a user profile
- Salutation
- First name and last name (to be displayed in the profile and user overview)
- Company ID, name and address of the company
- E-mail address (to be displayed in the profile and user overview)
- User role (to be displayed in the user overview)
- For travel agencies: name of the travel agency and IATA number
- Status
- Pending (if the user is invited but not registered)
- Active (if the user is registered) – to be displayed in the user overview
- Password (never visible)
Operational necessity category
Necessary cookies are used to manage the platform. They enable a smooth operation, e.g. while booking your flight, delivering the correct answers to your requests and ensuring security features, such as avoiding any malicious use of the website. Necessary cookies cannot be disabled but you can delete them or opt-out when they are signalled. We employ the following necessary cookies: Tealium
Category "Analytics"
Cookies in this category are used to enable the following activities:
1. Monitor website traffic and optimize your user experience
2. Evaluate which marketing channels are performing better and
3. Analyse aggregated and pseudonymised data about usage of the website to understand our customers. Randomized identifiers shared with partners.
We employ the following analytics cookies: Google Analytics
Category "Personalization"
Cookies in this category are used to enable the following activities:
1. Store your preferences from previous visits
2. Collect user feedback to improve our website
3. Evaluate your interests to provide you unique customised content and offers
We employ the following personalization cookies: Usabilla
Usabilla
We use the "Usabilla Emoji Feedback" feedback services from Usabilla to analyse user feedback and optimise the website. When a user uses the feedback button or takes part in an online survey, a cookie is placed in their computer. The user’s browser establishes a direct connection with the Usabilla server and transmits data relating to the end device.
Category "Advertising"
Cookies in this category are used to enable the following activities:
1. Make online and social advertising more relevant for you
2. Invite specific customer groups to reconnect with our products later
3. Share data with our advertising and social media partners via their third-party cookies to match your interests
We employ the following advertising cookies: this category includes LinkedIn
LinkedIn Insight Tag
We use the LinkedIn Insight Tag on this website. The LinkedIn Insight Tag is a web analytics service. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
With the help of the LinkedIn Insight Tag, we obtain information about visitors to our website. If a website visitor is registered on LinkedIn and has given their consent there, we can analyze professional key data to target our website to the relevant audience. For the purpose of targeted advertising, cross-device advertising success measurement and promotional retargeting on LinkedIn may also take place. In addition, LinkedIn Insight Tag captures log files. The IP address is anonymized.
LinkedIn Insight Tag uses cookies to recognize the website visitor and analyze user behavior.
The legal basis for processing is Art. 6 (1) lit. a) GDPR.
Direct identifiers of LinkedIn members are deleted by LinkedIn after seven days, and the remaining pseudonymized data within 180 days.
For details on data processing under LinkedIn's responsibility, e.g., data transfer to third countries, see the following links:
https://www.linkedin.com/legal/l/dpa
https://www.linkedin.com/legal/l/eu-sccs
https://de.linkedin.com/legal/l/cookie-table
Google Analytics
The website uses the Google web analytics tool Analytics 360 (hereinafter also referred to as "Analytics"). Analytics uses cookies to analyze your use of the website and to compile reports on website activity. However, when you enable IP anonymization on this website, your IP address will be abbreviated by Google within European Union Member States or other countries that are party to the Agreement on the European Economic Area. Google stores information with identifiers that are linked to the browser or device, such as:
- Abbreviated IP address
- Pseudonym Cookie ID
- Browser information
- Browser version
- URLs of visited sites
- Device information
The data mentioned will be collected and processed by Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland as part of order processing Art. 28 of the GDPR. The legal basis for the use of Analytics is justified interest (Article 6 (1) point (f) GDPR), consent (Article 6 (1) point (a) GDPR), § 25 TDDDG, in order to analyze the website for malfunctions and to constantly optimize site navigation for customer use. Sessions are terminated by default after 30 minutes of inactivity.
The collected data will be stored for 24 months after which it will be automatically removed by a deleting routine.
You can prevent participation in this tracking procedure as follows and thus object to processing:
- By setting your browser accordingly
- By deactivating the Analytics cookies
- By using the following link: http://tools.google.com/dlpage/gaoptout to download and install the available browser plug-in to prevent Google from collecting and using information obtained from the site, including your IP address.
Tealium
Tealium iQ is a tag management system that allows third-party measurement pixels to be loaded in the pages. To optimize measurement pixel loading, Tealium also uses a cookie to collect personal data. This cookie loses its validity at the end of the session and is automatically removed by a deleting routine.
Tealium stores the following information:
- Time stamp of website visit
- IP address
- ID for page view
- ID for the visitor
- ID for the session
The aforementioned data will be collected and processed by Tealium Inc. Sovereign House, Vastern Road, Reading RG1 8BT as part of order processing Art. 28 GDPR. The legal basis for the associated data processing is Article 6 (1) point (f) (legitimate interests). Our overriding legitimate interest is being able to implement cookies on the website. This enables us to create analyses we can use to continuously improve user behavior, functionality and attractiveness of the website and the associated portal for our customers.
Lufthansa Group for Business Newsletter dispatch
If you gave your consent to receive the newsletter, we process the following personal data on the legal basis of Art. 6 Abs. 1 lit. a) EU-GDPR.
- Email address
- Surname, first name, title, gender/salutation
- Location
- Preferred newsletter language
The newsletter provides you with information on topics from the Lufthansa Group and our joint ventures. Personalization of the newsletter is based on the analysis of
- your interaction with the newsletter
- your master data
- your IP address
We analyze your usage patterns in every newsletter to personalize communication. The following systems and technologies are used for marketing and optimization purposes and process the respective listed data:
Oracle Responsys
- Email delivery
- Email opening
- Time of opening and time of clicks
- End device used for opening, clicking and booking
- Click behaviour in the email
Litmus
- Reading time and reading behaviour
- Location where opened
- Email programme and end device used
Recipient of data
To provide the website and services, the following categories of recipients receive data in order to process them on Lufthansa's behalf:
- IT infrastructure provider
- IT service management provider
- Lufthansa Group Service Team
Right to object
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6 (1) point (e) or (f) GDPR.
The controller will no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves for the establishment, exercise or defense of legal claims.
Rights of the data subject
Lufthansa attaches great importance to ensuring that our processing procedures are fair and transparent. In addition to the right to object, the GDPR also entails the following rights of the data subjects:
Right of access by the data subject Article 15 GDPR
Right to rectification Article 16 GDPR
Right to erasure ("right to be forgotten"), Article 17 GDPR
Right to restriction of processing, Article 18 GDPR
Right to data portability Article 20 GDPR
Right of appeal to a supervisory authority
Right to object, Article 21 GDPR
If you have given us permission to process your personal data, we hereby point out that you can revoke this permission at any time.
To exercise your rights, you can contact us by e-mail at: b2b.dataprotection@dlh.de. To process your application and for identification purposes, we would like to point out that we will process your personal data in accordance with Article 6 (1) point (c) GDPR.