Privacy & Terms

General Terms and Conditions

The information provided on this site is intended for Lufthansa Technik's customers and for other interested persons and provides information of a general nature only. It is not intended to create any legal obligation of Lufthansa Technik. Lufthansa Technik has taken great care to compile the information and to ensure that it is correct and complete. The information is updated at irregular intervals. As such information may be subject to rapid and recurrent changes, we would like to point out that despite all efforts, the information may occasionally be out of date, incorrect or incomplete. As a result, LufthansaTechnik provides this information "as is" and makes no assurance or warranty with regard to such information.

Controller

We, Lufthansa Technik AG (Weg beim Jaeger 193, 22335 Hamburg, Germany) (hereinafter also "AVIATAR", "LHT", "we", "us"), wish to inform you how your personal data is processed when you use our website https://www.aviatar.com (or https://www.aviatar.io including sub-domains) ("website"). If you have any further queries regarding data protection in connection with our website or the services offered, please contact our data protection officer:

Deutsche Lufthansa AG
Data Protection Officer 
Airportring
60546 Frankfurt 

E-Mail: datenschutz@dlh.de

If contact is made by e-mail, communication is unencrypted.

Scope, purpose and legal basis of processing personal data

We collect and use personal data directly from our users and other sources (mentioned below) in the following situations:

Provision of the website and log file creation

By visiting our website the system automatically records data and information about the user's computer system each time the website is accessed. The following data ("technical information") are collected:

  1. Information on the browser type and version used
  2. The user's operating system
  3. The user's Internet service provider
  4. The user's IP address
  5. Date and time of access
  6. Websites from which the user's system accesses our website
  7. Websites accessed by the user's system via our website.


We collect and use this technical information for purposes of (network) security (such as to combat cyberattacks), marketing, and to be able to better understand our users' needs, as well as to continuously improve our website and to enable us to deliver the website to the user's computer system.

The log files contain IP addresses or other data that may, in some cases, be able to be associated to a user. That may be the case, for example, if personal data is contained in the link to the website from which the user enters our website, or the link to the website to which the user switches.

The data is likewise stored in our system's log files. This data is not stored together with other personal data of the user.

The data is stored in log files in order to ensure that the website functions properly. This data also helps us optimize the website and ensure the security of our IT systems. It is not analyzed for marketing purposes in this connection.

The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the EU General Data Protection Regulation (GDPR). 

Use of cookies

Our website uses cookies. Cookies are text files that are stored in your web browser. If you visit a website, a cookie may be stored on your operating system. This cookie contains a characteristic string that allows your browser to be identified unambiguously if you visit the website again. There are two types of cookies:     

 - session cookies, which are temporary and are erased when you close your browser at the end of your surfing session. The next time you visit our website it will not recognize you and will treat you as a new visitor.

- persistent cookies, which stay in one of your browser's subfolders until you delete them manually or your browser deletes them based on the duration period contained within the persistent cookie's file.

Cookies are stored on your computer system and are transferred to our site. That means that you, the user, have full control over the use of cookies. You can disable or restrict the transfer of cookies by changing the settings in your web browser. Cookies that have already been stored can be deleted at any time. This process can be automated. If cookies are disabled for our website, you may no longer be able to use all of the website's features in full. 

We use the following categories of cookies to provide you with the following functionality or information:

  • Essential: These cookies are necessary to run the core functionalities of this website, e.g. security related functions and consent management.
  • Functional: We use these cookies to make using our website even more comfortable for you.
  • Marketing: In order to improve continuously our website, we anonymously track data for statistical and analytical purposes. With these cookies we can, for example, track the number of visits or the impact of specific pages of our web presence and therefore optimize our content. (see section 8)
  • Personalization: We do not use any cookies of the category Personalization.

The legal basis for storing essential cookies in your webbrowser is Article 6(1)(f) of the GDPR. For all other cookies we ask for your consent, i.e. the legal basis is Article 6(1)(a) of the GDPR.

By deleting the cookies you are able to delete the stored information of our website at any time.

Your Aviatar.io Account

In order to use any services using the top-level-domain aviatar.io you'll need a personalized account. Our legitimate interest according to Art. 6(1)(f) GDPR can be justified with the security and integrity of our platform as well as fraud protection. We also need a personalized account for authentication and in order to be able to provide access to only the information you are allowed to access. Each user-account on aviatar.io contains the following personal information:

  • Username
  • Your hashed password
  • E-Mail address
  • First- and Lastname
  • Affiliation
  • Active sessions on aviatar.io (including your current IP address)

This information was provided by the organization you're working for or by yourself. After login you are able to review these details. If you feel that this information is not correct, then we highly appreciate to hear from you via privacy(at)aviatar.com. You can also contact us via your local IT department.

Use of the services offered on our website

We offer a range of different services on our website. We must collect and process user or customer personal data in order to perform these.

Provide Information about AVIATAR

The primary purpose of this website is to provide information about AVIATAR – an open, modular and neutral platform for the aviation industry. This website https://www.aviatar.com has the sole purpose to inform you about our product. We only use "technical information" (as described above) to improve our website and the user experience. We also offer videos about our product that are not hosted on https://aviatar.com. The respective infrastructure providers may also collect personal information, but we're unable to access this information. Please note that you have the right to learn which personal data are collected by third parties and how these data are processed. To learn more about your rights we kindly ask you to review the privacy policies on the respective websites (you can find information of involved 3rd parties below).

Contact Forms

You can use this website https://aviatar.com to address inquiries to us and get in touch with a specific contact person using various contact forms. To do this, you must provide your contact information. The input fields which are mandatory to be filled out for performing the requested service are marked accordingly on the website. The data entered in the input screen is sent to us and processed:

  • Name
  • E-mail address
  • Company name

Aviatar Platform

We're providing AVIATAR – an open modular and neutral platform for the aviation industry – through https://aviatar.io and respective subdomains. LHT provides and operates the online-platform "AVIATAR" which serves as a web-based hub for modular applications offering a variety of digital products and services for the aviation and other industries, including but not limited to MRO of aircraft. Processing personal information is not the purpose of the AVIATAR Platform. However personal information are required to some extend to provide access (please review the chapter "your avitar.io account" for more details).

Statistical analysis

Your data may be analyzed in a data warehouse to evaluate the preferences of our registered customers ("statistical analysis") for the purposes of interest-led marketing, individual approaches and continuous optimization of our business processes. We undertake this processing in order to acquire a better understanding of what our customers expect from us and to allow us to offer you communication that is tailored to you personally. This analysis also helps us with fraud detection, auditing and safeguarding security, which is why we perform this processing to protect our legitimate interests, according to Art. 6(1)(f) GDPR.

Our legitimate interest in processing personal data

If Art. 6(1)(f) GDPR forms the legal basis for the processing, our legitimate interests are, in addition to the purposes listed above:

  • To protect the company against material and immaterial damage
  • Professionalism (of our products and services)
  • Cost optimization (control and minimization)

Other processing commitments

If obliged to do so by law, we process personal data in order to meet duties of retention under commercial or tax law or to meet legal security requirements (such as Section 7 of the Aviation Security Act [LuftSiG]). For further information on retention periods, please refer to "Duration of the data processing".

Obligation to provide personal data

The input fields which are mandatory to be filled out for performing the requested service are marked accordingly on the website. The input is either mandatory because of legal or contractual requirements.

Duration of the data processing

Your personal data are deleted as soon as they are no longer needed for the specified purposes. In certain circumstances, personal data are kept for the period of time during which claims against LHT may be enforced (statutory limitation period of three to thirty years). Personal data are also saved to the extent that and for as long as LHT is legally obliged to do so. Corresponding burdens of proof and duties of retention arise from, among others, the Commercial Code, Tax Code and Money Laundering Act. These prescribe retention periods up to ten years.

Right to object pursuant to Art. 21 GDPR

You have the right to object, on reasons relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR. The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or processing is necessary for the establishment, exercise or defence of legal claims. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Disclosure of personal data to third parties

In order to offer you our products and services, based on our contractual obligations or in accordance with our legitimate interests, we may have to disclose your personal data to third parties internal or external to the Lufthansa Group. These recipients can be categorised as follows:

  • Service providers
  • Transportation and logistics
  • Marketing
  • IT
  • Government bodies and authorities
  • Members of the Lufthansa Group

Personal data may be transmitted to third countries or international organisations as part of this. For your protection and the protection of your personal data, appropriate safeguards are provided for such data transmissions as per and in accordance with legal requirements (particularly, the use of EU standard contractual clauses) or an adequacy decision has been issued by the EU Commission (Art. 45 GDPR).

For information on EU standard contractual clauses, please visit https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=DE

The EU Commission provides the relevant information relating to its adequacy decisions at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu

A copy of the security precautions used may also be requested from privacy(at)aviatar.com. We are also legally obliged to provide personal data to German and international authorities, according to Art. 6(1)(c) GDPR together with local and international regulations and agreements.

Rights of the data subject

LHT is committed to ensuring fair and transparent processing. That is why it is important to us that data subjects can not only exercise their right to object but also the following rights where the respective legal requirements are satisfied:

  • Right of access, Art. 15 GDPR
  • Right to rectification, Art. 16 GDPR
  • Right to erasure ("right to be forgotten"), Art. 17 GDPR
  • Right to restriction of processing, Art. 18 GDPR
  • Right to data portability, Art. 20 GDPR

To exercise your right, please email privacy@aviatar.com. In order to process your request and for identification purposes, please note that we will process your personal data in accordance with Art. 6(1)(c) GDPR. You also have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority for Lufthansa Technik is:


Freie und Hansestadt Hamburg
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (Hamburg Commissioner for Data Protection and Freedom of Information)
Ludwig-Erhard-Str 22, 7. OG
20459 Hamburg
Germany
Phone: +49 40 42854-4040
Fax: +49 40 42854-4000
E-mail: mailbox@datenschutz.hamburg.de

Consent tool: USercentrics

In the context of order processing, we transmit personal data (consent data) to Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich as a processor. Consent data means the following data: 

  • Date and time of the visit and consent / refusal 
  • Device information. 

The processing of the data is carried out for the purpose of compliance with legal obligations (obligation to provide evidence pursuant to Art. 7 (1) GDPR) and the associated documentation of consents and thus on the basis of Art. 6 (1) lit. c) GDPR. Local storage in the European Union is used to store the data.

The consent data is stored for 1 year.

For more information about the collected data and contact options, please visit https://usercentrics.com/privacy-policy/.

Tracking tool: eTracker

We use eTracker as a tracking tool.

The legal basis for using it is our legitimate interests in accordance with Article 6(1)(f) of the GDPR for the purpose of enhancing the efficiency of our website and (direct) marketing.

Its functions are explained in the following paragraphs.

eTracker stores data on visitors, IP addresses and the device and domain data of visitors. This data is stored in truncated form or encrypted so that it is not possible to identify the individual user from it.

The collected data is administered in a data center located in Hamburg, Germany using the highly secure, high-quality and highly available data center infrastructure of IPHH Internet Port Hamburg GmbH, which is certified as complying with ISO/IEC 27001:2013.

eTracker gives us insights into the following data:

  • When the website was accessed (month, year, week, day, time of day)
  • What devices were used to access the website and what browser and operating system those devices use
  • What individual pages of the website are visited
  • Visitors' regions and languages
  • Visitors' click behavior: Click paths, click frequency
  • Dwell times on the individual pages of the website
  • Most-clicked pages on the website
  • Where the website was accessed from (referrer)
  • How often the website or its individual pages were called
  • Whether and how visitors return to the website or its individual pages
     

You can obtain more information on this tracking tool at: https://www.etracker.com/

Consent

If you give your consent to us for processing your personal data, please note that you may withdraw this consent at any time. 

If you gave this consent on the website, please visit the page where you originally gave consent or log in using your LH ID in order to withdraw consent in the settings. If you have consented to receive our newsletter, you may withdraw this consent by using the "Unsubscribe" link in the newsletter. In all other cases or if you have problems withdrawing your consent on the website, you can contact privacy@aviatar.com. Please note that your consent can only be withdrawn with future effect and such a withdrawal does not have any influence on the lawfulness of past processing. In some cases, we may be entitled in spite of your withdrawal to continue to process your personal data on a different legal basis – e.g. to perform a contract.

Disclaimer and limitations of these data protection notices

These data protection notices only apply to processing for the websites https://www.aviatar.com and https://www.aviatar.io. Other websites are not covered by these data protection notices and provide their own specific data protection notices.

Appendix – notices on the tracking and remarketing tools used

AVIATAR uses third party services to both provide content on https://aviatar.com (eg. Videos, Fonts) and to measure the impact of our website (eg. total number of visitors per day)

Youtube

You can see videos on our website. Some of these videos are not hosted on our infrastructure. Instead we're using services from Youtube to embed these Videos on our website. If you would like to learn more about how Youtube is potentially dealing with personal information and privacy regulation, please contact YouTube LLC directly or refer to their website (https://youtube.com, 901 Cherry Ave., San Bruno, CA 94066, United States of America). Youtube is part of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America) For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/

Vimeo

You can see videos on our website. Some of these videos are not hosted on our infrastructure. Instead we're using services from Vimeo to embed these Videos on our website. If you would like to learn more about how Vimeo is potentially dealing with personal information and privacy regulation, please visit their website. Or contact Vimeo directly: Vimeo.com, Inc., Attention: Data Protection Officer,330 West 34th Street, 5th Floor, New York, New York 10001, USA, 
Privacy@vimeo.com  


Last updated: 23 February 2023