21 October 2020
Competition Compliance Guidelines
Digital Aircraft Webconference 2020
These Competition Compliance Guidelines are to ensure that the Digital Aircraft Webconference 2020 is conducted in full compliance with all applicable competition laws.
The Digital Aircraft Webconference 2020 is an opportunity to share views and specific operational best practices within the aviation industry. It shall be conducted in full compliance with German and EU competition laws, and the competition/ antitrust laws of all other relevant jurisdictions.
The web conference shall be conducted pursuant to the following procedural guidelines:
1. All discussions or conversations among web conference participants, including during breaks and scheduled and non-scheduled social activities, connected with the web coference must follow these guidelines.
2. All discussion or conversation shall be conducted strictly in accordance with the written agenda. Matters not on the agenda shall not be discussed without prior approval of Lufthansa Group Compliance Office.
3. Given that most web conference participants are employed by (potentially) competing airlines, and recognizing that the existence of an unlawful agreement or concerted practice may be inferred from circumstances, including discussions among competitors, exchanges or disclosures of the following types of information, are strictly prohibited:
Price-related information (prices, rates, charges or surcharges, or any aspect that can impact the aforementioned);
Costs-related information which are not publicly available;
Strategy-related information with regards to routes, capacities, revenue management practices, or any other sensitive commercial or proprietary information dealing with aspects of competition or future business intentions.
4. It is strictly prohibited to enter into agreements – whether expressly or implied –
concerning prices and charges;
allocating markets, customers, suppliers, or agents;
intented to or likely to harm or exclude any third party from any market, or to induce participants or third parties to engage in collective anticompetitive behavior.
5. In the event that any participant introduces any matter that may not be in conformity with the forgoing, all other participants shall object to engaging in any discussion or exchange relating to it and bring the matter to the attention of the web conference hosts.
6. Prior to participation in the web conference, all participants will be required to have confirmed their understanding of these guidelines and their commitment to adhere to them.
We, Lufthansa Technik AG (Weg beim Jaeger 193, 22335 Hamburg, Germany) (hereinafter also "AVIATAR", "LHT", "we", "us"), wish to inform you how your personal data is processed when you use our website https://www.aviatar.com (or https://www.aviatar.io including sub-domains) ("website"). If you have any further queries regarding data protection in connection with our website or the services offered, please contact our data protection officer: datenschutz(at)dlh.de
Scope, purpose and legal basis of processing personal data
We collect and use personal data directly from our users and other sources (mentioned below) in the following situations:
Provision of the website and log file creation
By visiting our website the system automatically records data and information about the user's computer system each time the website is accessed. The following data ("technical information") are collected:
1. Information on the browser type and version used
2. The user's operating system
3. The user's Internet service provider
4. The user's IP address
5. Date and time of access
6. Websites from which the user's system accesses our website
7. Websites accessed by the user's system via our website
The data are also saved in our system's log files. These data are not stored together with other personal data of the user. We collect and use this technical information for the purposes of (network) security (to for example ward off cyber-attacks), marketing and to better understand our users' needs as well as to continuously improve our website and enable users to access the website from their computers. The data are saved to log files to ensure website functionality. The data also help us improve the website and safeguard our information technology systems. Art. 6(1)(f) GDPR forms the legal basis for the temporary storage of the data and log files.
Your Aviatar.io Account
In order to use any services using the top-level-domain aviatar.io you'll need a personalized account. Our legitimate interest according to Art. 6(1)(f) GDPR can be justified with the security and integrity of our platform as well as fraud protection. We also need a personalized account for authentication and in order to be able to provide access to only the information you are allowed to access. Each user-account on aviatar.io contains the following personal information:
Your hashed password
First- and Lastname
Active sessions on aviatar.io (including your current IP address)
This information was provided by the organization you're working for or by yourself. After login you are able to review these details. If you feel that this information is not correct, then we highly appreciate to hear from you via privacy(at)aviatar.com. You can also contact us via your local IT department.
Use of the services offered on our website
We offer a range of different services on our website. We must collect and process user or customer personal data in order to perform these.
Provide Information about AVIATAR
The primary purpose of this website is to provide information about AVIATAR – an open, modular and neutral platform for the aviation industry. This website https://www.aviatar.com has the sole purpose to inform you about our product. We only use "technical information" (as described above) to improve our website and the user experience. We also offer videos about our product that are not hosted on https://aviatar.com. The respective infrastructure providers may also collect personal information, but we're unable to access this information. Please note that you have the right to learn which personal data are collected by third parties and how these data are processed. To learn more about your rights we kindly ask you to review the privacy policies on the respective websites (you can find information of involved 3rd parties below).
You can use this website https://aviatar.com to address inquiries to us and get in touch with a specific contact person using various contact forms. To do this, you must provide your contact information. The input fields which are mandatory to be filled out for performing the requested service are marked accordingly on the website. The data entered in the input screen is sent to us and processed:
We're providing AVIATAR – an open modular and neutral platform for the aviation industry – through https://aviatar.io and respective subdomains. LHT provides and operates the online-platform "AVIATAR" which serves as a web-based hub for modular applications offering a variety of digital products and services for the aviation and other industries, including but not limited to MRO of aircraft. Processing personal information is not the purpose of the AVIATAR Platform. However personal information are required to some extend to provide access (please review the chapter "your avitar.io account" for more details).
Your data may be analyzed in a data warehouse to evaluate the preferences of our registered customers ("statistical analysis") for the purposes of interest-led marketing, individual approaches and continuous optimization of our business processes. We undertake this processing in order to acquire a better understanding of what our customers expect from us and to allow us to offer you communication that is tailored to you personally. This analysis also helps us with fraud detection, auditing and safeguarding security, which is why we perform this processing to protect our legitimate interests, according to Art. 6(1)(f) GDPR.
Our legitimate interest in processing personal data
If Art. 6(1)(f) GDPR forms the legal basis for the processing, our legitimate interests are, in addition to the purposes listed above:
To protect the company against material and immaterial damage
Professionalism (of our products and services)
Cost optimization (control and minimization)
Other processing commitments
If obliged to do so by law, we process personal data in order to meet duties of retention under commercial or tax law or to meet legal security requirements (such as Section 7 of the Aviation Security Act [LuftSiG]). For further information on retention periods, please refer to "Duration of the data processing".
Obligation to provide personal data
The input fields which are mandatory to be filled out for performing the requested service are marked accordingly on the website. The input is either mandatory because of legal or contractual requirements.
Duration of the data processing
Your personal data are deleted as soon as they are no longer needed for the specified purposes. In certain circumstances, personal data are kept for the period of time during which claims against LHT may be enforced (statutory limitation period of three to thirty years). Personal data are also saved to the extent that and for as long as LHT is legally obliged to do so. Corresponding burdens of proof and duties of retention arise from, among others, the Commercial Code, Tax Code and Money Laundering Act. These prescribe retention periods up to ten years.
Right to object pursuant to Art. 21 GDPR
You have the right to object, on reasons relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR. The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or processing is necessary for the establishment, exercise or defence of legal claims. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Disclosure of personal data to third parties
In order to offer you our products and services, based on our contractual obligations or in accordance with our legitimate interests, we may have to disclose your personal data to third parties internal or external to the Lufthansa Group. These recipients can be categorised as follows:
Transport o Marketing
State agencies and bodies
Personal data may be transmitted to third countries or international organisations as part of this. For your protection and the protection of your personal data, appropriate safeguards are provided for such data transmissions as per and in accordance with legal requirements (particularly, the use of EU standard contractual clauses) or an adequacy decision has been issued by the EU Commission (Art. 45 GDPR).
For information on EU standard contractual clauses, please visit https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=DE
The EU Commission provides the relevant information relating to its adequacy decisions at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu
A copy of the security precautions used may also be requested from privacy(at)aviatar.com. We are also legally obliged to provide personal data to German and international authorities, according to Art. 6(1)(c) GDPR together with local and international regulations and agreements.
Rights of the data subject
LHT is committed to ensuring fair and transparent processing. That is why it is important to us that data subjects can not only exercise their right to object but also the following rights where the respective legal requirements are satisfied:
Right of access, Art. 15 GDPR
Right to rectification, Art. 16 GDPR
Right to erasure ("right to be forgotten"), Art. 17 GDPR
Right to restriction of processing, Art. 18 GDPR
Right to data portability, Art. 20 GDPR
To exercise your right, please email privacy(at)aviatar.com. In order to process your request and for identification purposes, please note that we will process your personal data in accordance with Art. 6(1)(c) GDPR. You also have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority for LHT is:
Freie und Hansestadt Hamburg
Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str 22, 7. OG
Phone: +49 40 42854-4040
Fax: +49 40 4279-11811
If you give your consent to us for processing your personal data, please note that you may withdraw this consent at any time. If you gave this consent on the website, please visit the page where you originally gave consent or log in using your LH ID in order to withdraw consent in the settings. If you have consented to receive our newsletter, you may withdraw this consent by using the "Unsubscribe" link in the newsletter. In all other cases or if you have problems withdrawing your consent on the website, you can contact privacy(at)aviatar.com. Please note that your consent can only be withdrawn with future effect and such a withdrawal does not have any influence on the lawfulness of past processing. In some cases, we may be entitled in spite of your withdrawal to continue to process your personal data on a different legal basis – e.g. to perform a contract.
Disclaimer and limitations of these data protection notices
These data protection notices only apply to processing for the websites https://www.aviatar.com and https://www.aviatar.io. Other websites are not covered by these data protection notices and provide their own specific data protection notices.
Appendix – notices on the tracking and remarketing tools used
AVIATAR uses third party services to both provide content on https://aviatar.com (eg. Videos, Fonts) and to measure the impact of our website (eg. total number of visitors per day)
We use eTracker as a tracking tool. Its functions are explained in the following paragraphs.
eTracker stores data on visitors, IP addresses and the device and domain data of visitors. This data is stored in truncated form or encrypted so that it is not possible to identify the individual user from it.
The collected data is administered in a data center located in Hamburg, Germany using the highly secure, high-quality and highly available data center infrastructure of IPHH Internet Port Hamburg GmbH, which is certified as complying with ISO/IEC 27001:2013.
eTracker gives us insights into the following data:
When the website was accessed (month, year, week, day, time of day)
What devices were used to access the website and what browser and operating system those devices use
What individual pages of the website are visited
Visitors' regions and languages
Visitors' click behavior: Click paths, click frequency
Dwell times on the individual pages of the website
Most-clicked pages on the website
Where the website was accessed from (referrer)
How often the website or its individual pages were called
Whether and how visitors return to the website or its individual pages
You can obtain more information on this tracking tool at: https://www.etracker.com/
You can see videos on our website. Most of these videos are not hosted on our infrastructure. Instead we're using services from Youtube to embed these Videos on our website. If you would like to learn more about how Youtube is potentially dealing with personal information and privacy regulation, please contact YouTube LLC directly or refer to their website (https://youtube.com, 901 Cherry Ave., San Bruno, CA 94066, United States of America). Youtube is part of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America) For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/