Privacy Policy

Principles

In addition to being bound by strict German and European legislation concerning data privacy, Lufthansa Technik wishes to assure you of its strong commitment to the following principles, which in certain aspects go even further than the current legislation. Lufthansa Technik feels a strong need to observe a balance between offering personalized services to its customers and safeguarding the individual's right to data privacy. In the event of any questions or problems concerning this Privacy Policy, please contact our data protection officer. 

  • Lufthansa Technik Puerto Rico LLC. does not collect personally identifiable information through the Internet or otherwise unless you explicitly choose to provide this information. If Lufthansa Technik Puerto Rico LLC. collects information, this will only be for clearly specified purposes.
  • When you choose to provide us with information, it is kept strictly confidential. We do not sell, share or in any way disclose the information obtained for specific purposes to third parties unless obliged to do so by law and/or legal proceedings (e.g., court orders).
  • The data our customers provide us with is discarded as soon as the original purpose is no longer relevant or the customer informs us that he/she desires the data to be discarded.
  • Whenever Lufthansa Technik Puerto Rico LLC. collects personal data, the latest security technology is used. Currently, a SSL is in use to make sure that third parties (e.g., ISPs, network companies, ...) cannot access the content transmitted via the Internet.
  • We make every effort to keep data given to us accurate and up to date, and we will process requests for updates quickly and reliably.
  • We make sure that our staff is trained to adhere to these standards. Our employees sign a statement of commitment to these principles.
 

1. Controller

We, Lufthansa Technik Puerto Rico LLC , 102 San Antonio Rd. Rafael Hernandez Airport,  Aguadilla, PR 00604, (hereinafter also referred to as "we" or "us"), hereby provide you with information on the processing of your personal data collected as part of your use of our website https://www.lht-puertorico.com ("website").

If you have further questions on the subject of data protection in connection with our website or the services offered on it, please contact our data protection officer:

Data protection officer of Lufthansa Technik Puerto Rico:


Jose C. Villanueva-Vazquez, Dep.: BQN/UZOIA

E-Mail: dpc@lht-puertorico.com 

  

2. Scope and purpose of and legal basis for the processing of personal data

We are aware that quite a few participating parties in the Internet do not adhere to these principles . We do not accept any responsibility for the behavior and practices of third parties involved. Although we try to make sure that sites we link to adhere to the principles mentioned above, we are not responsible for the content and privacy policy employed by other Internet sites, carriers and ISPs. 

2.1.Provision of the website and creation of log files

Whenever users visit our website, our system automatically records data and information from the computer system used to call our website. The following data ("technical information") is collected in the process:

  • Information on the type of browser used and its version
  • The user's operating system
  • The user's Internet service provider
  • The user's IP address
  • The date and time of access
  • Websites from which the user's system accesses our website
  • Websites that the user's system calls from our website
     

The log files contain IP addresses or other data that may, in some cases, enable them to be associated to a user. That may be the case, for example, if personal data is contained in the link to the website from which the user enters our website, or the link to the website to which the user switches.

The data is likewise stored in our system's log files. This data is not stored together with other personal data of the user.

We collect and use this technical information for purposes of (network) security (such as to combat cyberattacks), marketing, and to be able to better understand our users' needs, as well as to continuously improve our website and to enable us to deliver the website to the user's computer system.

The data is stored in log files in order to ensure that the website functions properly. This data also helps us optimize the website and ensure the security of our IT systems. It is not analyzed for marketing purposes in this connection.

The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the EU General Data Protection Regulation (GDPR).  

2.1.1. Use of Cookies

Our website uses cookies. Cookies are text files that are stored in your web browser or by the web browser of your computer system. If you call a website, a cookie may be stored on your operating system. This cookie contains a characteristic string that allows your browser to be identified unambiguously if you call the website again.

Cookies are stored on your computer system and transferred from it to our site. That means that you, the user, have full control over the use of cookies. You can disable or restrict the transfer of cookies by changing the settings in your web browser. Cookies that have already been stored can be deleted at any time. This process can be automated. If cookies are disabled for our website, you may no longer be able to use all of the website's features in full.  

2.1.2. Tracking Tool

We use the following tracking tool on our website:

eTracker
 

The legal basis for using it is our legitimate interests in accordance with Article 6(1)(f) of the GDPR for the purpose of enhancing the efficiency of our website and (direct) marketing.

You can find more information on eTracker in section 8 "Tracking tool: eTracker."  

2.2. Use of the services offered on our website

We offer a number of services on our website. To provide those services, we must collect and process personal data from the user or our customers. 

2.2.1. Customer Newsletter

You can subscribe to a free newsletter on our website. The data entered in the input screen when registering for the newsletter is sent to us and processed:

  • E-mail address
  • Form of address
  • Title
  • First name
  • Last name
  • Company name
  • Country
     

The following data is also collected during registration:

The date and time of registration
 

The following data on usage behavior is collected:

  • Opening patterns
  • Clicking patterns
  • Log-offs
     

During registration, your consent to the processing of the data is obtained and your attention is drawn to this data privacy statement.

Contact data and data on usage behavior are stored electronically at a German service provider and analyzed and processed solely by Lufthansa Technik for the purpose of improving its customer service and sending out newsletters.

We process your data in connection with the newsletter in order to send you news on interesting topics from the world of Lufthansa Technik. We also process and use registration and usage data to send you your newsletter with personalized and tailored content.

If a link from the newsletter takes you to our website, you also give us your permission to process and use your IP address as well as geodata, web beacons or similar technologies, in order to check whether the offers made to you met your requirements.

The legal basis for processing data after the user has registered for the newsletter is Article 6(1)(a) of the GDPR in cases where the user has given consent.  

2.2.2. Contact Forms

You can address inquiries to us and get in touch with a specific contact person using various contact forms. To do this, you must provide your contact information. You will find the following contact forms on our website: 

  • General Lufthansa Technik AG contact form
  • manage/m contact form,
  • Ombudsmann System,
  • Subscription form for Technik connection magazine
 

2.2.3. Customer Contact Data

Contact data which a sales employee at a Lufthansa Technik Group company receives from the employees of our potential or actual customers for the purpose of business communication is recorded in our shared CRM system and is thus also available to other companies in the Lufthansa Technik Group for that purpose.  

2.2.4 User administration in manage/m

If you want to use our manage/m portal owing to existing contracts with our customers, you must first be registered as a user by our customer service. To do this, we will need the following information from you: First name, last name, telephone number, e-mail address and customer organization.  

2.2.4.1 News Function

Depending on your existing system rights, after you log in to manage/m you may be shown news reports that announce planned releases or application outages. These reports can be marked as "read". In the process, the user ID and the report's ID are logged.  

2.2.4.2 Integrated System Calls

After you log in, several applications that are available via the portal can be called up directly (single sign-on). Lufthansa Technik uses these applications to provide its customers with valuable information and evaluations with respect to purchased services. If an application is called up, session cookies, the user ID and the customer organization of the user who has logged in are transferred to that application. This process supports the provision of the work focus in order to deliver the most direct access to relevant information possible.  

2.2.4.3 Authorization Statistics

We provide selected users (called key users) with reports in order to enable regular audits of existing user IDs and the associated system authorizations by our customers. These reports include:

  • User ID
  • Name
  • E-mail
  • Telephone number
  • Fax number
  • Customer organization
  • System authorizations
 

2.2.5 Statistical Analyses

It cannot be ruled out that your data will be analyzed in a data warehouse so that our users' preferences can be evaluated ("statistical analyses"), to enable marketing oriented to users' interests, personalized user address and the continuous optimization of our business processes. We process the data in this way to gain a better understanding of what our customers expect from us and to be able to offer them personal communication tailored to their needs. These analyses also help us in fraud detection, auditing, and ensuring security, i.e. we process the data to safeguard our legitimate interests in accordance with Article 6(1)(f) of the GDPR.  

2.3. Our legitimate interests in processing personal data

Where Article 6(1)(f) of the GDPR is the legal basis for processing, our legitimate interests – apart from the purposes stated above – are:

 

  • Protecting the company against material or non-material damage
  • Making our products and services more professional
  • Optimizing (controlling and minimizing) costs
 

2.4. Other processing Obligations

Where we are obligated by law, we process personal data to comply with retention obligations under commercial law or to meet statutory requirements relating to security (such as those pursuant to Section 7 of the German Aviation Security Act (LuftSiG)). You can find more information on retention periods in the section "Duration of data processing" below.  

3. Duration of data processing

A cookie is a small element of data that can be exchanged between an Internet site and a client's browser. It can be stored on either side to enable the Internet application to recognize the client on return. You can set your browser to notify you when you receive a cookie, and you may choose to accept the cookie or not. If you do not accept the cookie the corresponding Internet page cannot be accessed. If you accept the cookie, you can delete it from the file (cookies.txt) or from the directory (e.g.: ..\WINNT\cookies\...) after the session. 

4. Right to object in accordance with Article 21 of the GDPR

We employ a technology called SSL to make sure that confidential data cannot be intercepted by third parties. To ensure this level of security, the LHT Internet server bears a certificate in keeping with common practice in e-business. This certificate is issued by a security provider. In the case of LHT, the provider is "TC TrustCenter GmbH", which is based in Hamburg. "TC TrustCenter" is known and accepted automatically by your browser as an official security provider in the case of Version 5.01 and higher for MS Internet Explorer or Version 4.5 or higher for Netscape Communicator. Please refer to the corresponding user manuals made available to you when you get your authorization for further technical details. 

5. Disclosure of personal data to third parties

We may be required to forward your personal data to third parties within or outside the Lufthansa Group in order to be able to offer you our products and services on the basis of our contractual obligations or our legitimate interests. These recipients can be categorized as follows:

  • Service providers
  • Transportation and logistics
  • Marketing
  • IT
  • Government bodies and authorities
  • Members of the Lufthansa Technik Group

 

Personal data may be transmitted to third countries or international organizations as part of this. For your protection and the protection of your personal data, appropriate safeguards are provided for such data transmissions as per and in accordance with legal requirements (particularly, the use of EU standard contractual clauses) or an adequacy decision has been issued by the EU Commission (Art. 45 GDPR).

For information on EU standard contractual clauses, please visit [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF]. The EU Commission provides the relevant information relating to its adequacy decisions at [https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu].

We are also legally obliged to provide personal data to Puerto Rico and international authorities, Art. 6(1)(c) GDPR together with local and international regulations and agreements. 

6. Rights of data subjects

Lufthansa Technik AG is committed to the fair and transparent processing of data. We therefore believe it to be important that data subjects not only have the right to object, but can also exercise the following right if the relevant legal requirements are fulfilled:

  • Right to access (Article 15 of the GDPR)
  • Right to rectification (Article 16 of the GDPR)
  • Right to erasure ("right to be forgotten") (Article 17 of the GDPR)
  • Right to restriction of processing (Article 18 of the GDPR)
  • Right to data portability (Article 20 of the GDPR)

To exercise your right, please email webbox@lht.dlh.de. In order to process your request and for identification purposes, please note that we will process your personal data in accordance with Art. 6(1)(c) GDPR.

You also have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority for Lufthansa Technik Puerto Rico is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
(Hamburg Commissioner for Data Protection and Freedom of Information)
Kurt-Schumacher-Allee 4
20097 Hamburg
Germany
Phone: +49 40 42854-4040
Fax: +49 40 42854-4000
E-mail: Mailbox@datenschutz.hamburg.de
 

7. Consent

If you give your consent to us for processing your personal data, please note that you may withdraw this consent at any time.

 

If you gave this consent on the website, please visit the page where you originally gave consent or log in using your LH ID in order to withdraw consent in the settings.

In all other cases or if you have problems withdrawing your consent on the website, you can contact webbox@lht.dlh.de

Please note that your consent can only be withdrawn with future effect and such a withdrawal does not have any influence on the lawfulness of past processing. In some cases, we may be entitled in spite of your withdrawal to continue to process your personal data on a different legal basis – e.g. to perform a contract. 

8. Tracking tool: eTracker

We use eTracker as a tracking tool. Its functions are explained in the following paragraphs.

eTracker stores data on visitors, IP addresses and the device and domain data of visitors. This data is stored in truncated form or encrypted so that it is not possible to identify the individual user from it.

The collected data is administered in a data center located in Hamburg, Germany using the highly secure, high-quality and highly available data center infrastructure of IPHH Internet Port Hamburg GmbH, which is certified as complying with ISO/IEC 27001:2013.

eTracker gives us insights into the following data:

  • When the website was accessed (month, year, week, day, time of day)
  • What devices were used to access the website and what browser and operating system those devices use
  • What individual pages of the website are visited
  • Visitors' regions and languages
  • Visitors' click behavior
  • Click paths, click frequency
  • Dwell times on the individual pages of the website
  • Most-clicked pages on the website
  • Where the website was accessed from (referrer)
  • How often the website or its individual pages were called
  • Whether and how visitors return to the website or its individual pages

You can obtain more information on this tracking tool at: https://www.etracker.com/