Privacy Notice
of Lufthansa Innovation
Hub GmbH
In this data protection notice, Lufthansa Innovation Hub GmbH, Brunnenstraße 19-21, 10119 Berlin, Germany, e-mail: datenschutz@lh-innovationhub.com (“we”, “us”) would like to inform you about how we process personal data about you during your visit to our websites and use of our online store.

1. What Personal Data Do We Collect from You?

Personal data is all information about an identified or identifiable natural person that you provide to us or that is created or collected by us. These are e.g:  


Booking data:

If you book a training course or an appointment via our website, the data you enter and the content data about you are processed (such as the information from your booking, billing address, telephone number, e-mail address, payment methods, company name). We also collect information about the time, scope and, if applicable, location of your booking.

Newsletter data:

When you register to receive newsletters, the data you enter and the content data about you as well as the information you provide will be processed.

Applicant data:

If you apply to us (e.g. as an employee or intern), we process in particular your master and contact data, CV, cover letter, references, internal notes on interviews. We do not ask for or process any special types of personal data, such as health data, unless you provide us with this information without being asked or because you want us to be able to take special legal features into account (e.g. severely disabled status).

Usage data:

We create usage profiles under a pseudonym with regard to your use of our website, with the help of which we can understand how our website is used. In addition, the click behavior when receiving newsletters is evaluated and stored in user profiles; this data is not merged with the pseudonymized user profiles described in the previous sentence or with your customer account.

Server log data:

When you use our websites, data about this (such as the date and time of your visit, pages accessed and files requested, type and version of the web browser you are using, type and operating system of the end device you are using and your IP address) is temporarily stored in a log file on our servers.


2. For What Purposes, on What Legal Basis, and for How Long Do We Process Your Personal Data?

2.1 Your Training Booking

If you want to use one of our training offers and book a training with us, we process your booking data to handle the order and conduct the training. The legal basis for the processing is the conclusion and fulfillment of the contract for the execution of the training course you have booked, Art. 6 para. 1 lit. b GDPR.

These data are deleted when they are no longer required for contract performance, unless we are legally obliged to retain them, e.g., due to commercial or tax retention obligations.  

We use the Stripe service provided by Stripe Payments Europe Ltd (Ireland - EU) to process payment transactions. The name, EC and credit card data, purchase date and amount as well as other information provided during the order process are processed. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR. Stripe may also process the data in the USA. Stripe is certified under the EU-US Data Privacy Framework. Data transfer to the USA is also based on the EU standard contractual clauses https://stripe.com/de/guides/general-data-protection-regulation. You can find more information on data processing by Stripe at https://stripe.com/de/privacy.

2.2 Your Appointment Booking

If you arrange appointments with us on our website, we process the data you provide in the appointment booking portal (usually name, email address, appointment) in order to plan and keep the appointment with you.

The legal basis for the processing is the conclusion and fulfillment of the contract concluded for the joint appointment, Art. 6 para. 1 lit. b GDPR.

This data will be deleted when it is no longer required for the performance of the contract, unless we are legally obliged to store it, e.g. due to commercial or tax retention obligations.

As part of the appointment booking process, we use the appointment booking tool “Microsoft Bookings” from the provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, which has been commissioned as our processor in accordance with Article 28 GDPR.

2.3 Your Inquiries

If you send us inquiries by email or via the contact form, we will process the information you provide in order to respond to your inquiry.

The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR to answer your inquiry. If your request is aimed at the initiation or execution of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.

You can object to the processing of your data on the basis of Art. 6 (1) lit. f GDPR. We can then continue the processing if we can prove compelling reasons for the processing. In this case, this may be necessary in particular to be able to prove past communication and inquiries with you. If there are no such compelling reasons, we will stop communicating with you and delete data that has already been collected.

This data will be deleted when our communication with you has ended, i.e. when the matter in question has been conclusively clarified and there are no further legitimate interests in storing it or there are no further legal obligations to store it.

2.4 Your Application

In order to record and review your applications as an employee or intern, to conduct interviews, to carry out additional research where necessary and permissible, to make our internal decisions about your application and to make an acceptance or rejection, we process the information you provide from public sources such as the Internet or from previous employers.

The legal basis for the processing is Art. 6 para. 1 lit. b GDPR (data processing for the decision on the establishment of an employment relationship) or your consent to further storage in an applicant database for later consideration (Art. 6 para. 1 lit. a GDPR).

We store your data for as long as it is required for the aforementioned purposes and delete the data of rejected applications within 6 months of notification of our decision. In the case of accepted applications, the data will be included in your personnel file. In the event of a rejection, you can voluntarily give us your consent to store your data in our applicant database for a longer period of time, unless you have already consented to this, in the event that we have vacancies for you again at a later date.

2.5 Advertising and Product Development (Usage Data, Newsletter, etc.), Right to Object

We would also like to use your personal data or anonymous statistics compiled from it to inform you about our products and services or to improve our offers and services (product improvement, customer analyses).

You can subscribe to a free newsletter on our website. The data collected during registration (e-mail address) will be processed.

In addition, we use the anonymized or aggregated data obtained with the help of analysis tools (in particular cookies) to track the surfing behavior of all visitors and thus improve the design of our website and our content in general. For details on the analysis tools (cookies), see our Cookie Declaration (https://lh-innovationhub.de/cookies/).

You can revoke your consent to the use of your personal data for advertising and product development purposes and the contact made for this purpose at any time. Please use the corresponding functions provided for you (e.g. the unsubscribe function in the newsletter) or send a corresponding message in writing (keyword: data protection) or by e-mail to datenschutz@lh-innovationhub.com.

 

The legal basis for the processing is your consent (Art. 6 (1) lit. a GDPR).

 

This data will be deleted after you withdraw your consent or otherwise at the latest after the end of use by us or only in aggregated, anonymized form.

We use the processors Rocket Science Group LLC (USA) (“MailChimp”) and Zapier, Inc. (USA) (“Zapier”) to send our newsletter. Both companies are certified in accordance with the EU-US Privacy Framework.

2.6 Provision of the Website and Services

The processing of server log data is necessary for technical reasons in order to provide the websites and services and then to ensure system security. The legal basis for the processing is our legitimate interest in providing the website with our services (Art. 6 (1) lit. f GDPR). The processing is absolutely necessary for the use of the website for technical reasons and then to ensure system security, so there is no right to object.

This data is deleted after 30 days at the latest.

The server log data may then be analyzed anonymously for statistical purposes and to improve the quality of our website. The server log data is not linked to your personal data or merged with other personal data sources.

The following web service providers are used to host and deliver this website:

  • “Webflow” of Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. Webflow has been contractually engaged as a processor in accordance with Article 28 GDPR. Data processing is carried out on the basis of the EU standard contractual clauses pursuant to Article 46 GDPR.  
  • ALL-INKL.COM - Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany, and
  • Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare, Inc. has been contractually obligated as a processor in accordance with Article 28 GDPR and is certified in accordance with the EU-US Data Privacy Framework.

3. Security

We and our service providers take technical and organizational security precautions to protect the personal data we manage against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our data processing and security measures are continuously improved in line with technological developments.

 

When your personal data is transmitted to us, it is encrypted using Secure Socket Layer (SSL). Personal data that is exchanged between you and us is always transmitted via encrypted connections that correspond to the current state of the art.

 

Our employees and our contracted service providers are of course obliged to maintain confidentiality.

4. Our Data Protection Officer

Our data protection officer can be reached as follows:

Deutsche Lufthansa AG
Airportring – LAC
60546 Frankfurt
Email: datenschutz@dlh.de.

5. Your Rights

Every natural person whose personal data we process has the following rights vis-à-vis us (i.e. depending on the respective requirements):

  • If you have any questions about the processing of your personal data by us, we will be happy to provide you with inaformation about the personal data stored about you free of charge at any time (Art. 15 GDPR).
  • You have the right to have incorrect data corrected and incomplete data completed (Art. 16 GDPR).
  • You have the right to block/restrict the processing or erasure of your personal data that is no longer required or stored due to legal obligations (Art. 17, 18 GDPR)
  • You have the right to receive the data in a structured, commonly used and machine-readable format if you have provided us with the data on the basis of consent or a contract between us and you (Art. 20 GDPR).
  • You have the right to object at any time to the processing of your data for direct marketing purposes (Art. 21 (2) and (3) GDPR).
  • You have the right to object to processing on the basis of a legitimate interest, whereby we can then demonstrate our compelling reasons (Art. 21 para. 1 GDPR). We have indicated above (see section 2) if this right exists.  
  • If you have given your consent to data processing, you can revoke this at any time with effect for the future, i.e. the legality of the data processing up to the time of revocation remains unaffected. Once you have withdrawn your consent, you may no longer be able to use our services.

Please address your concerns to datenschutz@lh-innovationhub.com or to the contact address stated in section 4. We reserve the right to verify your identity so that your personal data does not become known to unauthorized persons.

You also have the right to lodge a complaint with a data protection supervisory authority.

6. Changes

From time to time it is necessary to adapt the content of this data protection notice. We therefore reserve the right to amend it at any time. We will also publish the amended version of the data protection information here. If you visit us again, you should therefore read the data protection information again.

Lufthansa Innovation Hub GmbH
Brunnenstraße 19-21
10119 Berlin, Germany

lh-innovationhub.com

Imprint

Terms & Conditions

Privacy Notice

Contact