Data privacy

Welcome to the website of Lufthansa City Airlines GmbH. Thank you for visiting our website and for your interest in our company.

Transparency and integrity in the processing of your personal data is important to us. Therefore, the processing of data is carried out in accordance with the currently valid data protection regulations, in particular the European General Data Protection Regulation (GDPR) applicable from 25.05.2018 and the new Bundesdatenschutzgesetz (BDSG-new) applicable from 25.05.2018.
In the following data protection information, we explain which information (including personal data) is processed by us during your visit and use of our aforementioned website ("website") and which rights you are entitled to at any time with regard to your personal data.

1. Name and contact details of the controller and the data protection officer 

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is

Lufthansa City Airlines GmbH 
Munich Airport, FOC
Südallee 15
D-85356 Munich
E-mail: lh.city-airlines(at)lufthansa-group.com 

Data Protection Officer Lufthansa City Airlines GmbH:  
Group Data Protection Officer for the Lufthansa Group
German Lufthansa AG
Venloer Straße 151-153
50672 Cologne, Germany
E-mail: datenschutz(at)dlh.de

2. Collection and storage of personal data and the nature and purpose of processing

When visiting the website
It is not necessary to provide personal data (e.g. name, address, e-mail address, etc.) in order to use our website. When you visit our website, your browser automatically transmits information to the server of this site. These so-called log files are stored temporarily until they are automatically deleted:

• Browser type/version
• Operating system used
• Referrer URL (the previously visited page)
• Host name/IP address of the accessing computer
• Date and time of the server request
• Websites from which the user's system accesses our website
• Websites that are accessed by the user's system via our website
• Amount of data transferred in each case

Data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website, to eliminate malfunctions and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR. Under no circumstances do we use the data collected to draw conclusions about your person. 

Flight bookings 
We do not offer a booking function on our website. As soon as you wish to purchase a flight ticket, you will be redirected to the website of our parent company, Deutsche Lufthansa AG. Please note that the data protection provisions of Deutsche Lufthansa AG apply from this point onwards. You have the option to object to this at any time. Further information on Lufthansa's privacy policy can be found here https://www.lufthansa.com/de/de/datenschutz. 

Links to other websites
Our website contains links to other websites. We ourselves are not responsible for the data protection provisions of the linked websites and accept no liability for their content.

3. Use and disclosure of personal data

Your personal data will not be transferred to third parties for purposes other than those listed below.
We only pass on your data to third parties if: 

• You have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
• The disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
• In the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
• This is permitted by law and is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

Recipients or categories of recipients of your data
Within our company, those internal departments or organizational units receive your data that need it to fulfill our contractual and legal obligations or in the context of processing and implementing our legitimate interest. Your data will only be passed on to external parties

• in connection with contract processing;
• for the purpose of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest; 
• to the extent that external service providers process data on our behalf as processors or function providers (e.g. external data centers, support/maintenance of EDP/IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility checks, data processing, data processing for the purposes of data protection). -plausibility checks, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logistics);
• on the basis of our legitimate interest or the legitimate interest of the third party for the aforementioned purposes (e.g. to authorities, credit agencies, debt collection agencies, lawyers, courts, experts, group companies and committees and supervisory bodies);
• if you have given us your consent to transfer your data to third parties.

We will not pass on your data to third parties beyond this. If we commission service providers as part of order processing, your data will be subject to the same security standards as we do. Personal data may be transferred to third countries or international organizations. For your protection and to protect your personal data, appropriate security precautions are taken for such data transfers in accordance with and in compliance with the statutory provisions.

If these transfers have no legal basis or are to a country for which the EU Commission has not issued an adequacy decision, we use EU standard contractual clauses.
In all other cases, the recipients may only use the data for the purposes for which it was transferred to them.

4. For how long will your data be stored?

Your personal data will be deleted as soon as it is no longer required for the stated purposes and there are no legal retention periods to the contrary. 

5. Cookies

Our website uses cookies. These have two functions. On the one hand, they are necessary for the basic functionality of our website: On the other hand, we can use cookies to continuously improve our content for you. You can find more information about cookies on this website here. 
 

This website uses the open source web analysis service Matomo.
With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.). The information collected about your use of this website is not passed on to third parties. Our interest in and purpose of data processing lies in the optimization of our website, the adaptation of content and the improvement of our offer. The interests of users are adequately protected by anonymization.

IP anonymization
Matomo uses cookies and stores the IP addresses in anonymized form. Anonymization takes place immediately after the IP address is processed and before it is stored on our web server. This is done by shortening the IP address by the last octet in accordance with the resolutions of the data protection conference of the data protection supervisory authorities of the federal and state governments (DSK). This means that you as the user always remain anonymous.

Hosting
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
You can find further information in English at: https://www.matomo.org/

Legal basis 
The use of this analysis tool is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent is voluntary, is not a condition for the use of this website and can be revoked at any time with effect for the future.

Deactivate Matomo
If you do not agree to the storage and use of your data, you can deactivate the storage and use here.