Privacy policy

1. Controller


We, the Lufthansa Systems GmbH & Co. KG (Am Messeplatz 1, 65479 Raunheim, Germany), hereinafter also called “LSY”, “we”, “us”, wish to inform you how your personal data is processed when you use our website, hereinafter also called “website”.

If you have any further queries regarding data protection in connection with our website or the services offered, please contact our data protection officer or coordinator:

Group Data Protection Contact for the Lufthansa Group:

Deutsche Lufthansa AG
60546 Frankfurt a. M.


Data Protection Contact at Lufthansa Systems GmbH & Co. KG:



2. Scope, purpose and legal basis of processing personal data


We collect and use personal data directly from our users and other sources (mentioned below) in the following situations:


2.1. Provision of the website and log file creation

By visiting our website the system automatically records data and information about the user’s computer system each time the website is accessed. The following data (“technical information”) are collected:

Amend this section accordingly. Remove irrelevant data and add anything missing.

  1. Information on the browser type and version used
  2. The user’s operating system (including device type, such as PC, smartphone, etc.)
  3. IP address
  4. Date and time of access
  5. Websites from which the user’s system accesses our website (e.g. via Google link)

The collected data is saved in so-called logfiles, which are erased daily. Before the deletion, we readout the log files and use the information for analyzing.  We use this technical information for the purposes of (network) security (to for example ward off cyber-attacks), marketing and to better understand our users’ needs as well as to continuously improve our website and enable users to access the website from their computers.

The legal basis for this data processing is our legitimate interest in delivering an optimized and functional, as well as profitable website to our customers, Art. 6(1)(f) GDPR.


2.1.1. Logfiles by “watchdog” (monitoring tool)

We use the tool “watchdog” on our website. It collects errors and warnings that occur on the website while using it. The data we collect when e. g. an error occurs while you are using our website contains:

  1. Date and time of the incident
  2. Location (on the website, not your location)

We do not disclose your data to third parties. We use this data to steadily optimize our website, establish an incident-free website, and ensure our IT-systems are secured.

We store the latest 1.000.000 logs and delete the logs not included in that automatically.

The legal basis for present data processing is our legitimate interest to run a fluent and, as far as possible, error-free website, Art. 6(1)(f) GDPR.


2.1.2. Use of cookies

Our website uses cookies. Cookies are text files stored in the web browser or by the web browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive character string that allows for the unique identification of the browser when the website is accessed again.

Cookies are stored on the user’s computer, which transmits these to our website. Therefore, users have full control over the use of cookies. You may disable or restrict the transmission of cookies by changing your web browser settings. Previously stored cookies can be deleted at any time. This may also be done automatically. If cookies are disabled for our website, you may no longer be able to use all of its functionality.

We use the following Cookies (including third-party-cookies by Google Analytics) on our website:


cookie name

What it does:


This cookie is in use to execute the cookie-notification. (functional)


This cookie ensures the functionality of the website. (functional)


This cookie is in use to enable the sharing of content. It counts clicks and shares of a certain page. (functional)


This cookie is in use to distinguish visitors of our website from one another. It expires 24 hours after it is created. (Web Analytics)


This cookie is in use to distinguish visitors of our website from one another. It expires 2 years after it is created. (Web Analytics)


This cookie is in use to lower the requirements for Google Analytics. It expires 10 minutes after it is created. (Web Analytics)


We use these cookies to optimize our website and to ensure it is functional.

The legal basis is our legitimate interest in the mentioned causes, Art. 6(1)(f) GDPR.


2.1.3. Tracking tools

On our website, we only use the tracking tool Google Analytics, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, and no further tracking or marketing tools. The main purpose of Google Analytics is to analyze data traffic on our website. Thereto the tool creates an anonymous user-id and allocates data regarding the behavior on our website to that user-id. Google Ireland Limited uses servers, located in Ireland, to store the data. Due to anonymization it is impossible to identify a person on the basis of the collected data. The anonymization of the IP-address ensures data security, in particular. Collected data includes for instance clicking behavior and length of time spent on our website.

This process enables us to steadily optimize our website and align our website with the needs of our customers.

You can download and install the Google Analytics opt-out browser add-on via this link []. Using this add-on, you can determine whether and on what scale Google Analytics collects and processes your data.

For more information on the privacy policy of Google Ireland Limited, please visit the Google Privacy & Terms website [].

Our legitimate interest pursuant to Art. 6(1)(f) GDPR for the purpose of increasing the efficiency of our website is the legal basis for the use of the tools listed.


2.1.4. Google Tag Manager

Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal information. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager.


2.1.5. Links to social media networks

You can find the following links to social networks on our website:

  • Facebook
  • Twitter
  • Linkedin
  • Instagram
  • Xing
  • Youtube

You can use these links to visit social media profiles of LSY on platforms such as Facebook or Instagram. You can also use these links to share a blog entry that is published on our website's blog. These links are not the same as so-called social media plugins that share personal data as soon as you visit the website in which the plugins an integrated.
As soon as you click a button on our website leading to a certain social network the operating company of the social media network may collect and process personal data. For further information please visit the corresponding privacy policies.

For the privacy policy of Facebook please visit this website.

For the privacy policy of LinkedIn please visit this website.

For the privacy policy of Twitter please visit this website.

For the privacy policy of XING please visit this website.

For the privacy policy of  YouTube please visit this website.

For the privacy policy of Instagram please visit this website.

Privacy Policy for the Lufthansa Systems Facebook page - see download below.


2.2. Use of the services offered on our website


We offer a range of different services on our website. We must collect and process user or customer personal data in order to perform these.

2.2.1. Form for contact and contact via e-mail

On our website, you can fill out a form for contact if you have a question or a comment. For this purpose we collect the following personal data:

  1. Your name
  2. You’re e-mail address
  3. The content of your message
  4. The company you’re working for (optional)
  5. Your phone number (optional)
  6. Date and time of your message
  7. IP-address

The collected data won’t be pushed to third parties. We only use this data to reply to your inquiry as soon as possible. For getting back to you, we will use either your e-mail address or your phone number. IP-addresses are collected to prevent are react to misuse.

The legal basis of present data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR for the purposes of ensuring a dialog between our customers and ourselves, as well as securing it.

2.2.2. Blog with the possibility to comment on blog entries and other comments

Furthermore, we run a blog on our website where you can comment on blog entries as well as on other comments. For this process we collect the following data:

  1. Your name
  2. Your e-mail address
  3. The content of your comment
  4. Date and time of your comment
  5. IP-address

This data won’t be given to third parties. Your data will only be used for designing a clean and chronological blog section on our website, as well as giving you and us the opportunity to have a dialog regarding various topics. IP-addresses are processed for the prevention of and reaction to misuse.

We will ask you to grant a permit and also refer to this privacy policy before processing your data. If you agree, your permit will be the legal basis of this present data processing, Art. (6)(1)(a) GDPR.

2.2.3. Newsletter

You have the option of subscribing to a free newsletter on our website. When you subscribe, the data from the input screen is sent to us and processed:

  1. Your name (optional)
  2. The company you’re working for (optional)
  3. Your e-mail address
  4. Date and time of your registration
  5. IP-address

During the subscription process, we obtain your consent to your data being processed and reference this privacy policy.

No data will be disclosed to or used by third parties. We process your data in connection with the newsletter in order to send news about topics from the Lufthansa world that we think are interesting. We also process and use the given email address for sending you personalized offers in connection with the newsletter. IP-addresses are processed for protection of and reaction to the misuse of the newsletter.

If a link in the newsletter takes you to our website, you also permit us to process and use your IP address, as well as geodata, web beacons and similar technologies, in order to verify whether the offers have met your requirements.

Art. 6(1)(a) GDPR forms the legal basis for data processing following the user’s subscription to the newsletter if the user has given consent.


2.3. Our legitimate interest in processing personal data

If Art. 6(1)(f) GDPR forms the legal basis for the processing, our legitimate interests are, in addition to the purposes listed above:

  • To protect the company against material and immaterial damage (e. g. because of cyber-attacks)
  • Procedure and Professionalism of our products and services
  • Cost optimization (control and minimization)


2.4. Other processing commitments

If obliged to do so by law, we process personal data in order to meet duties of retention under commercial or tax law or to meet legal security requirements (such as Section 7 of the Aviation Security Act [LuftSiG]). For further information on retention periods, please refer to “Duration of the data processing”.

2.5. Obligation to provide personal data

The input fields which are mandatory to be filled out for performing the requested service are marked accordingly on the website. The input is either mandatory because of legal or contractual requirements.


3. Duration of the data processing


Your personal data are deleted as soon as they are no longer needed for the specified purposes. In certain circumstances, personal data are kept for the period of time during which claims against the Lufthansa Systems GmbH & Co. KG may be enforced (statutory limitation period of three to thirty years). Personal data are also saved to the extent that and for so long as LSY is legally obliged to do so. Corresponding burdens of proof and duties of retention arise from, among others, the Commercial Code, Tax Code and Money Laundering Act. These prescribe retention periods for up to ten years.


4. Right to object pursuant to Art. 21 GDPR


You have the right to object, on reasons relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or processing is necessary for the establishment, exercise or defense of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

When processing data for scientific, historical or statistical research purposes:

Where personal data concerning you are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, you, on grounds relating to your particular situation, also have the right to object to this.

Your right to object may be limited in so far as it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfillment of the research or statistical purposes.


5. Disclosure of personal data to third parties


Data we process on our website will not be disclosed to third parties.

However, we are, in some cases, legally obliged to disclose personal data to German or to international authorities. The legal basis for disclosing personal data in the present case ist Art. 6(1)© GDPR.


6. Rights of the data subject


We are committed to ensuring fair and transparent processing. That is why it is important to us that data subjects can not only exercise their right to object but also the following rights where the respective legal requirements are satisfied:

  • Right of access, Art. 15 GDPR
  • Right to rectification, Art. 16 GDPR
  • Right to erasure (“right to be forgotten”), Art. 17 GDPR
  • Right to restriction of processing, Art. 18 GDPR
  • Right to data portability, Art. 20 GDPR

To exercise your right, please email one of the contacts named under “1. Controller”. In order to process your request and for identification purposes, please note that we will process your personal data in accordance with Art. 6(1)(c) GDPR.

You also have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority for the Lufthansa Systems GmbH & Co. KG is:

Landesbeauftragter für Datenschutz und Informationsfreiheit des Landes Hessen
Prof. Dr. Michael Ronellenfitsch

P. O. Box 3163
65021 Wiesbaden

Gustav-Stresemann-Ring 1
2nd floor
65189 Wiesbaden

phone: +49 611 1408 - 0
fax: +49 611 1408 - 611


7. Consent

If you give your consent to us for processing your personal data, please note that you may withdraw this consent at any time. For this, please contact one of the persons named under “1. Controller”.

If you have consented to receive our newsletter, you may withdraw this consent by using the “Unsubscribe” link in the newsletter.

Please note that your consent can only be withdrawn with future effects and such a withdrawal does not have any influence on the lawfulness of past processing. In some cases, we may be entitled in spite of your withdrawal to continue to process your personal data on a different legal basis – e.g. to perform a contract.


8. SSL-encryption

Our website is cryptographically secured using Secure Socket Layer-encryption (SSL). This ensures a safe communication between the browser and the server as well as a safe data transfer. If a website is using this encryption is easily spotted by checking the web address of the website. If it starts with “https://”, it’s using named encryption.

In case your browser is technologically not able to use the SSL-encryption, please download the newest version of a browser that is.


9. Disclaimer and limitations of these data protection notices

These data protection notices only apply to the processing for the website Other websites are not covered by these data protection notices and provide their own specific data protection notices.