You are here:

Privacy policy

Data protection statement

1. Controller

We, Lufthansa Technik AG, Weg beim Jäger 193, 22335 Hamburg, Germany, (hereinafter also referred to as “we” or “us”), hereby provide you with information on the processing of your personal data collected as part of your use of our Digital Customer Experience Center (“Digital Customer Experience Center”).

If you have further questions on the subject of data protection in connection with our Digital Customer Experience Center or the services offered on it, please contact or our data protection officer:

Data protection officer of the Lufthansa Group E-mail:

2. Scope and purpose of and legal basis for the processing of personal data

We collect and use personal data directly from our users or from other sources (see below) in the following situations:

2.1. Provision of the website and creation of log files

Whenever users visit our Digital Customer Experience Center, our system automatically records data and information from the computer system used to call our Digital Customer Experience Center. The following data (“technical information”) is collected in the process:

  • Information on the type of browser used and its version
  • The user’s operating system
  • The user’s Internet service provider
  • The user’s IP address
  • The date and time of access
  • Websites from which the user’s system accesses our Digital Customer Experience Center
  • Websites that the user’s system calls from our Digital Customer Experience Center

We collect and use this technical information for purposes of (network) security (such as to combat cyberattacks), marketing, and to be able to better understand our users’ needs, as well as to continuously improve our Digital Customer Experience Center and to enable us to deliver the Digital Customer Experience Center to the user’s computer system.

The log files contain IP addresses or other data that may, in some cases, be able to be associated to a user. That may be the case, for example, if personal data is contained in the link to the website from which the user enters our Digital Customer Experience Center, or the link to the website to which the user switches.

The data is likewise stored in our system’s log files. This data is not stored together with other personal data of the user.

The data is stored in log files in order to ensure that the website functions properly. This data also helps us optimize the website and ensure the security of our IT systems. It is not analyzed for marketing purposes in this connection.

The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the EU General Data Protection Regulation (GDPR).

2.1.1. Use of cookies

Our Digital Customer Experience Center uses cookies. Cookies are text files that are stored in your web browser. If you visit a website, a cookie may be stored on your operating system. This cookie contains a characteristic string that allows your browser to be identified unambiguously if you visit the Digital Customer Experience Center again.

There are two types of cookies:

  • session cookies, which are temporary and are erased when you close your browser at the end of your surfing session. The next time you visit our Digital Customer Experience Center it will not recognize you and will treat you as a new visitor.
  • persistent cookies, which stay in one of your browser’s subfolders until you delete them manually or your browser deletes them based on the duration period contained within the persistent cookie’s file.

Cookies are stored on your computer system and are transferred to our site. That means that you, the user, have full control over the use of cookies. You can disable or restrict the transfer of cookies by changing the settings in your web browser. Cookies that have already been stored can be deleted at any time. This process can be automated. If cookies are disabled for our Digital Customer Experience Center, you may no longer be able to use all of the website’s features in full.

We use the following categories of cookies to provide you with the following functionality or information:

  • Necessary: These cookies are necessary to run the core functionalities of this website, e.g. security related functions.
  • Statistics: In order to improve continuously our Digital Customer Experience Center, we use eTracker as a tracking tool . With these cookies we can, for example, track the number of visits or the impact of specific pages of our web presence and therefore optimize our content. (see section 8)
  • Preferences: We do not use any cookies of the category Preferences.
  • Marketing: We do not use any cookies of the category Marketing.

By deleting the cookies you are able to delete the stored information of our Digital Customer Experience Center at any time.

2.2. Use of the services offered on our Digital Customer Experience Center

We offer a number of services on our Digital Customer Experience Center. To provide those services, we must collect and process personal data from our users.

2.2.1. Newsletters AVIATAR community

On our Digital Customer Experience Center you can subscribe to free information regarding the AVIATAR community. The data entered in the input screen when registering for further information is sent to us and processed:

  • E-mail address
  • First name
  • Last name
  • Company name
  • Personal message (if this function is used)

The following data is also collected during registration:

  • The date and time of registration

The following data on usage behavior is collected:

  • Opening patterns
  • Clicking patterns
  • Log-offs

During registration, your consent to the processing of the data is obtained and your attention is drawn to this data privacy statement.

Contact data and data on usage behavior are stored electronically at a German service provider and analyzed and processed solely by Lufthansa Technik for the purpose of improving its customer service and sending out newsletters.

We process your data in connection with the AVIATAR community in order to send you further information on the community.

The legal basis for processing data after the user has registered for the AVIATAR community newsletter is Article 6(1)(a) of the GDPR in cases where the user has given consent.

2.2.5 Statistical analyses

We analyze your data in a data warehouse so that our users’ preferences can be evaluated (“statistical analyses”), to enable marketing oriented to users’ interests, personalized user address and the continuous optimization of our business processes. We process the data in this way to gain a better understanding of what our customers expect from us and to be able to offer them personal communication tailored to their needs. These analyses also help us in fraud detection, auditing, and ensuring security, i.e. we process the data to safeguard our legitimate interests in accordance with Article 6(1)(f) of the GDPR.

2.3. Our legitimate interests in processing personal data

Where Article 6(1)(f) of the GDPR is the legal basis for processing, our legitimate interests – apart from the purposes stated above – are:

  • Protecting the company against material or non-material damage
  • Making our products and services more professional
  • Optimizing (controlling and minimizing) costs

2.4. Other processing obligations

Where we are obligated by law, we process personal data to comply with retention obligations under commercial law or to meet statutory requirements relating to security (such as those pursuant to Section 7 of the German Aviation Security Act (LuftSiG)). You can find more information on retention periods in the section “Duration of data processing” below.

3. Duration of data processing

Your personal data is erased as soon as it is no longer required for the specified purposes. It may be the case that personal data is retained for the period of time in which claims may be asserted against Lufthansa Technik AG. In addition, personal data is stored if and for as long as Lufthansa Technik AG is obligated by law to do so. Such documentation and retention obligations are stipulated by the German Commercial Code (HGB), the German Fiscal Code (AO) and the German Money Laundering Act (GwG), among others. Under this legislation, storage may be required for up to ten years.

4. Right to object in accordance with Article 21 of the GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

5. Disclosure of personal data to third party

We may be required to forward your personal data to third parties within or outside the Lufthansa Group in order to be able to offer you our products and services on the basis of our contractual obligations or our legitimate interests. These recipients can be categorized as follows:

  • Service providers
  • IT
  • Government bodies and authorities
  • Members of the Lufthansa Technik Group
  • Agency hosting the site (Liebchen+Liebchen, 60386 Frankfurt am Main Germany)
  • Vimeo Video Platform

In the process, personal data may be transferred to third countries or international organizations. In order to protect you and your personal data, there are suitable safeguards in such cases as stipulated by and in compliance with statutory requirements (in particular the use of EU standard contractual clauses) or there is an adequacy decision adopted by the EU Commission (Article 45 of the GDPR).

You can find information on EU standard contractual clauses. The EU Commission provides information on its adequacy decisions.

We are also obligated by law to provide personal data to German and international authorities (Article 6 (1) point (c) of the GDPR in conjunction with local and international regulations and agreements.

6. Rights of data subjects

Lufthansa Technik AG is committed to the fair and transparent processing of data. We therefore believe it to be important that data subjects not only have the right to object, but can also exercise the following rights if the relevant legal requirements are fulfilled:

  • Right to access personal data and obtain information (Article 15 of the GDPR)
  • Right to rectification (Article 16 of the GDPR)
  • Right to erasure (“right to be forgotten”) (Article 17 of the GDPR)
  • Right to restriction of processing (Article 18 of the GDPR)
  • Right to data portability (Article 20 of the GDPR)

You can contact by e-mail to exercise your rights. To handle your request and for the purpose of identification, we note that we will process your personal data in accordance with Article 6(1)(c) of the GDPR.

You also have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for Lufthansa Technik AG is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
(Hamburg Commissioner for Data Protection and Freedom of Information)
Ludwig-Erhard-Str 22, 7. OG
20459 Hamburg
Phone: +49 40 42854-4040
Fax: +49 40 42854-4000

7. Consent

If you have given us your consent to process your personal data, we note here that you can revoke this consent at any time.

If you have given us your consent to send you the AVIATAR community, you can revoke it by clicking on the "Unsubscribe" link in the newsletter itself or send an E-Mail

You can contact in all other cases or if you have problems revoking your consent on this Digital Customer Experience Center.

Please note that any revocation of your consent is valid only with future effect and does not have an impact on the lawfulness of past processing of your data. In some cases we have the right despite the revocation of your consent to continue processing your personal data on another legal basis, such as to fulfill a contract.

8. Tracking tool: eTracker

We use eTracker as a tracking tool.

The legal basis for using it is our legitimate interests in accordance with Article 6(1)(f) of the GDPR for the purpose of enhancing the efficiency of our website and (direct) marketing.

Its functions are explained in the following paragraphs.

eTracker stores data on visitors, IP addresses and the device and domain data of visitors. This data is stored in truncated form or encrypted so that it is not possible to identify the individual user from it.

The collected data is administered in a data center located in Hamburg, Germany using the highly secure, high-quality and highly available data center infrastructure of IPHH Internet Port Hamburg GmbH, which is certified as complying with ISO/IEC 27001:2013.

eTracker gives us insights into the following data:

  • When the website was accessed (month, year, week, day, time of day)
  • What devices were used to access the website and what browser and operating system those devices use
  • What individual pages of the website are visited
  • Visitors’ regions and languages
  • Visitors’ click behavior: Click paths, click frequency
  • Dwell times on the individual pages of the website
  • Most-clicked pages on the website
  • Where the website was accessed from (referrer)
  • How often the website or its individual pages were called
  • Whether and how visitors return to the website or its individual pages

You can obtain more information on this tracking tool at


Last modified: 07 February 2022