Privacy policy

1. Controller

We, the Lufthansa Systems GmbH & Co. KG (Am Messeplatz 1, 65479 Raunheim, Germany), hereinafter also called “LSY”, “we”, “us”, wish to inform you how your personal data is processed when you use our website, hereinafter also called “website”.

If you have any further queries regarding data protection in connection with our website or the services offered, please contact our data protection officer or coordinator:

Group Data Protection Contact for the Lufthansa Group:

Deutsche Lufthansa AG
60546 Frankfurt a. M.

Data Protection Contact at Lufthansa Systems GmbH & Co. KG:



2. Scope, purpose and legal basis of processing personal data

We collect and use personal data directly from our users and other sources (mentioned below) in the following situations:

2.1. Provision of the website and log file creation

By visiting our website the system automatically records data and information about the user’s computer system each time the website is accessed. The following data (“technical information”) are collected:

  1. Information on the browser type and version used
  2. The user’s operating system (including device type, such as PC, smartphone, etc.)
  3. IP address
  4. Date and time of access
  5. Websites from which the user’s system accesses our website (e.g. via Google link)

The collected data is saved in so-called logfiles, which are erased daily. Before the deletion, we readout the log files and use the information for analyzing.  We use this technical information for the purposes of (network) security (to for example ward off cyber-attacks), marketing and to better understand our users’ needs as well as to continuously improve our website and enable users to access the website from their computers.

The legal basis for this data processing is our legitimate interest in delivering an optimized and functional, as well as profitable website to our customers, Art. 6(1)(f) GDPR.


2.1.1. Use of cookies

Our website uses cookies. Cookies are small text files stored in the web browser or by the web browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive character string that allows for the unique identification of the browser when the website is accessed again.

Cookies are stored on the user’s computer, which transmits these to our website. Therefore, users have full control over the use of cookies. You may disable or restrict the transmission of cookies by changing your web browser settings. Previously stored cookies can be deleted at any time. This may also be done automatically. If cookies are disabled for our website, you may no longer be able to use all of its functionality.

We use cookies (including third-party-cookies by Google Analytics) on our website and differentiate between cookies that are absolutely necessary for the website’s technical features and optional cookies.

To enable you to select the data protection settings for your visits to our website that best suit your requirements, we give you the option of adjusting your preferences with respect to the categories of operational necessity, statistics and comfort. Operational necessity category

Cookie name: necessaryCookiesAccepted (stored values: true/false)

This is necessary for the operation of the website.
If it does not exist or is not "true" the GDPR cookie acceptance popup will be shown, which blocks the navigation on the site as long as the necessary cookies are not accepted. These cookies do not store any personally identifiable information. Functional category

Cookie name: functionalCookiesAccepted (stored values: true/false)

These cookies enable the website to provide enhanced functionality such as forms to fill out. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some of these services may not function properly. Statistics category

Cookie name: statisticsCookiesAccepted (stored values: true/false)

This is used to enable the following activities:

  • Monitor website traffic and optimize your user experience
  • Evaluate which marketing channels are performing better and
  • Analyse aggregated data about usage of the website to understand our customers. All information these cookies collect is aggregated and therefore anonymous.

If it does exist and the value is "true" the Google Analytics embed code will be placed into the source code and it will track the activities. Google Analytics will take its own cookies in this case. Comfort category

Cookie name: comfortCookiesAccepted (stored values: true/false)

If it does not exist or is not "true":

  • The youtube videos will be displayed from the site (the Youtube official no cookie version) or just a thumbnail will be embedded instead of the video into the content.
  • The "HTML source" fields won't be displayed in the content, so any 3pd application (e.g. Google Maps, MS Dynamics forms) which might use their own cookies code won't be embedded and displayed.

You can adjust your personal settings using the option in our footer.

The legal basis is our legitimate interest in the mentioned causes, Art. 6(1)(f) GDPR.

2.1.2. Tracking tools

On our website, we only use the tracking tool Google Analytics, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, and no further tracking or marketing tools. The main purpose of Google Analytics is to analyze data traffic on our website. Thereto the tool creates an anonymous user-id and allocates data regarding the behavior on our website to that user-id. Google Ireland Limited uses servers, located in Ireland, to store the data. Due to anonymization it is impossible to identify a person on the basis of the collected data. The anonymization of the IP-address ensures data security, in particular. Collected data includes for instance clicking behavior and length of time spent on our website.

This process enables us to steadily optimize our website and align our website with the needs of our customers.

You can download and install the Google Analytics opt-out browser add-on via this link []. Using this add-on, you can determine whether and on what scale Google Analytics collects and processes your data.

For more information on the privacy policy of Google Ireland Limited, please visit the Google Privacy & Terms website [].

Our legitimate interest pursuant to Art. 6(1)(f) GDPR for the purpose of increasing the efficiency of our website is the legal basis for the use of the tools listed.


2.1.3. Google Tag Manager

Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager.


2.1.4. Links to social media networks

You can find the following links to social networks on our website:

  • Facebook
  • Twitter
  • Linkedin
  • Instagram
  • Xing
  • Youtube

You can use these links to visit social media profiles of LSY on platforms such as Facebook or Instagram. You can also use these links to share a blog entry that is published on our website's blog. These links are not the same as so-called social media plugins that share personal data as soon as you visit the website in which the plugins an integrated.
As soon as you click a button on our website leading to a certain social network the operating company of the social media network may collect and process personal data. For further information please visit the corresponding privacy policies.

For the privacy policy of Facebook please visit this website.
For the privacy policy of LinkedIn please visit this website.
For the privacy policy of Twitter please visit this website.
For the privacy policy of XING please visit this website.
For the privacy policy of  YouTube please visit this website.
For the privacy policy of Instagram please visit this website.
Privacy Policy for the Lufthansa Systems Facebook page - see download below.

2.2. Use of the services offered on our website

We offer a range of different services on our website. We must collect and process user or customer personal data in order to perform these.

2.2.1. Contact via e-mail

On our website, you can contact us via e-mail, if you have a question or a comment. For this purpose we collect the following personal data:

  1. Your name (if given)
  2. E-mail address
  3. The content of your message
  4. Date and time  
  5. IP-address

The collected data won’t be pushed to third parties. We only use this data to reply to your inquiry as soon as possible. For getting back to you, we will use your e-mail address. IP-addresses are collected to prevent are react to misuse.

The legal basis of present data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR for the purposes of ensuring a dialog between our customers and ourselves, as well as securing it.

2.2.2. Contact via form to register for an event

On our website, you have the possibility to register for an event via a form. The following data is collected for this purpose:

  1. Your name  
  2. Company
  3. Title/Position
  4. E-mail address
  5. Source of information
  6. Event
  7. Date and time  
  8. IP-address

The data will be used exclusively for the management of upcoming events of Lufthansa Systems and is stored in Lufthansa Systems’ customer database (Microsoft Dynamics 365).
Microsoft Dynamics 365 is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For more information about how Microsoft Dynamics 365 works, see the Microsoft Privacy Statement, available at

In our Subscription Center, we offer you the possibility to take out subscriptions (e.g. for receiving invitation to our events), as well as to view your existing subscriptions and the given consents and to adjust them at any time.

2.2.3. Newsletter

You will soon have the option of subscribing to a free newsletter on our website. When you subscribe, the data from the input screen is sent to us and processed:

  1. Your name (optional)
  2. The company you’re working for (optional)
  3. Your e-mail address
  4. Date and time of your registration
  5. IP-address

During the subscription process, we obtain your consent to your data being processed and reference this privacy policy.

No data will be disclosed to or used by third parties. We process your data in connection with the newsletter in order to send news about topics from the Lufthansa world that we think are interesting. We also process and use the given email address for sending you personalized offers in connection with the newsletter. IP-addresses are processed for protection of and reaction to the misuse of the newsletter.

If a link in the newsletter takes you to our website, you also permit us to process and use your IP address, as well as geodata, web beacons and similar technologies, in order to verify whether the offers have met your requirements.

Art. 6(1)(a) GDPR forms the legal basis for data processing following the user’s subscription to the newsletter if the user has given consent.

2.3. Our legitimate interest in processing personal data

If Art. 6(1)(f) GDPR forms the legal basis for the processing, our legitimate interests are, in addition to the purposes listed above:

  • To protect the company against material and immaterial damage (e. g. because of cyber-attacks)
  • Procedure and Professionalism of our products and services
  • Cost optimization (control and minimization)

2.4. Other processing commitments

If obliged to do so by law, we process personal data in order to meet duties of retention under commercial or tax law or to meet legal security requirements (such as Section 7 of the Aviation Security Act [LuftSiG]). For further information on retention periods, please refer to “Duration of the data processing”.

2.5. Obligation to provide personal data

The input fields which are mandatory to be filled out for performing the requested service are marked accordingly on the website. The input is either mandatory because of legal or contractual requirements.



3. Duration of the data processing

Your personal data are deleted as soon as they are no longer needed for the specified purposes. In certain circumstances, personal data are kept for the period of time during which claims against the Lufthansa Systems GmbH & Co. KG may be enforced (statutory limitation period of three to thirty years). Personal data are also saved to the extent that and for so long as LSY is legally obliged to do so. Corresponding burdens of proof and duties of retention arise from, among others, the Commercial Code, Tax Code and Money Laundering Act. These prescribe retention periods for up to ten years.



4. Right to object pursuant to Art. 21 GDPR

You have the right to object, on reasons relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or processing is necessary for the establishment, exercise or defense of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

When processing data for scientific, historical or statistical research purposes:

Where personal data concerning you are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, you, on grounds relating to your particular situation, also have the right to object to this.

Your right to object may be limited in so far as it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfillment of the research or statistical purposes.



5. Disclosure of personal data to third parties

Data we process on our website will not be disclosed to third parties.

However, we are, in some cases, legally obliged to disclose personal data to German or to international authorities. The legal basis for disclosing personal data in the present case ist Art. 6(1)© GDPR.



6. Rights of the data subject

We are committed to ensuring fair and transparent processing. That is why it is important to us that data subjects can not only exercise their right to object but also the following rights where the respective legal requirements are satisfied:

  • Right of access, Art. 15 GDPR
  • Right to rectification, Art. 16 GDPR
  • Right to erasure (“right to be forgotten”), Art. 17 GDPR
  • Right to restriction of processing, Art. 18 GDPR
  • Right to data portability, Art. 20 GDPR

To exercise your right, please email one of the contacts named under “1. Controller”. In order to process your request and for identification purposes, please note that we will process your personal data in accordance with Art. 6(1)(c) GDPR.

You also have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority for the Lufthansa Systems GmbH & Co. KG is:

Landesbeauftragter für Datenschutz in Hessen
Herr Dr. Alexander Roßnagel

P. O. Box 3163
65021 Wiesbaden

Gustav-Stresemann-Ring 1
2nd floor
65189 Wiesbaden

phone: +49 611 1408 - 0
fax: +49 611 1408 - 611



7. Consent

If you give your consent to us for processing your personal data, please note that you may withdraw this consent at any time. For this, please contact one of the persons named under “1. Controller”.

If you have consented to receive our newsletter, you may withdraw this consent by using the “Unsubscribe” link in the newsletter.

Please note that your consent can only be withdrawn with future effects and such a withdrawal does not have any influence on the lawfulness of past processing. In some cases, we may be entitled in spite of your withdrawal to continue to process your personal data on a different legal basis – e.g. to perform a contract.



8. SSL-encryption

Our website is cryptographically secured using Secure Socket Layer-encryption (SSL). This ensures a safe communication between the browser and the server as well as a safe data transfer. If a website is using this encryption is easily spotted by checking the web address of the website. If it starts with “https://”, it’s using named encryption.

In case your browser is technologically not able to use the SSL-encryption, please download the newest version of a browser that is.



9. Disclaimer and limitations of these data protection notices

These data protection notices only apply to the processing for the website Other websites are not covered by these data protection notices and provide their own specific data protection notices.