Register of proceedings of the data protection officer

Public register of proceedings regarding the processing of personal data

Pursuant to §4g II pg. 2 of the BDSG (German Data Protection Act) a data protection officer will provide information regarding data appearing in points 1 - 8 of this document in accordance with §4e sent. 1 BDSG upon request presented in an appropriate fashion.

1. Name of the responsible post:
Lufthansa Systems GmbH & Co. KG

2. Management Board:
Stefan Auerbach
Olivier Krüger

3. Address of the responsible post:
Lufthansa Systems GmbH & Co. KG
Am Prime Parc 1
D-65479 Raunheim

Company Data Protection Officer:
Dr. Barbara Kirchberg-Lennartz, FRA DSB

4. Purpose of data collection, processing, or use:
The business purpose of the company is the development and operations of IT and Telecom infrastructures and applications, as well as providing the necessary services required for this purpose.

For reasons demanded by business purposes, the company is authorized to establish branch offices and facilities both domestically and abroad, to participate in other companies both domestically and abroad, to acquire and to establish such companies, as well as to enter into all transactions including joint venture contracts. It may cede its operations wholly or partially to such companies.

Data is collected, processed, and used for the above-mentioned purpose. Highlights of the processing of personal data are the following areas:

  • Human Resources (Administration and Development)
  • Suppliers (Administration according to GoB criteria (German GAAP)
  • Shareholders (Administration and Support)
  • Customers (Customer Relationship Management)
  • Head Office and Management functions pursuant to the EDP General Employee/Works Council Agreement between Lufthansa Systems AG and labor-management relations agencies

5. Description of groups of persons affected and their related data or data categories:
Customer data, employee data, shareholder data, as well as data from suppliers, to the extent that this is necessary to fulfil the purposes specified in 4.

6. Recipients or categories of recipients to whom data may be disclosed:
Public service authorities where high-priority legal regulations demand, external contractors according to §11 BDSG, as well as external offices and internal Lufthansa departments, for fulfilling the purposes specified in 4.

7. Statutory periods for deleting data:
After expiration of storage obligations and periods as decreed by regulatory authorities, the relevant data is routinely deleted. Any data to which this does not apply is deleted if it is not needed fur the purposes specified in 4.

8. Planned transmission of data to other countries:
Data is transmitted to authorities, customers, and suppliers in various countries within the context of conducting transactions that fulfill the business purpose in accordance with the above-named international regulations.

9. Security measures:
Deutsche Lufthansa AG takes safeguarding measures pursuant to §9 BDSG by practicing caution when awarding contracts, by maintaining appropriate quality regulations, and by training its staff.

Deutsche Lufthansa AG
Group data protection officer