Register of proceedings of the data protection officer

Public register of proceedings regarding the processing of personal data

Pursuant to §4g II pg. 2 of the BDSG (German Data Protection Act) a data protection officer will provide information regarding data appearing in points 1 - 8 of this document in accordance with §4e sent. 1 BDSG upon request presented in an appropriate fashion.

1. Name of the responsible post
Deutsche Lufthansa AG

2. Executive Board
Carsten Spohr (Vorsitzender/Chairman)
Karl Ulrich Garnadt
Harry Hohmeister
Simone Menne
Dr. Bettina Volkens

3. Address of the responsible post
Deutsche Lufthansa AG
Von-Gablenz-Str. 2-6
50679 Köln

Authorized Director of Data Processing:
Josef Bogdanski, FRA CT (Employee-related IT)
Dr. Roland Schütz, FRA IM (Customer-related IT)
Company Data Protection Officer: Dr. Barbara Kirchberg-Lennartz, FRA RD

4. Purpose of data collection, processing, or use
The business purpose of the company is domestic and non-domestic air traffic and the operation of all transactions and facilities connected to air travel and its demands.
For reasons demanded by business purposes, the company is authorized to establish branch offices and facilities both domestically and abroad, to participate in other companies both domestically and abroad, to acquire and to establish such companies, as well as to enter into all transactions including joint venture contracts. It may cede its operations wholly or partially to such companies.

Data is collected, processed, and used for the above-mentioned purpose. Highlights of the processing of personal data are the following areas:

  • Human Resources (Administration and Development)
  • Suppliers (Administration according to GoB criteria (German GAAP)
  • Shareholders (Administration and Support)
  • Customers (Reservations, Customer Relationship Management)
  • Head Office and Management functions pursuant to the EDP General Employee/Works Council Agreement between Lufthansa AG and labor-management relations agencies

5. Description of groups of persons affected and their related data or data categories
Customer data, employee data, shareholder data, as well as data from suppliers, to the extent that this is necessary to fulfil the purposes specified in 4.

6. Recipients or categories of recipients to whom data may be disclosed
Public service authorities where high-priority legal regulations demand, external contractors according to §11 BDSG, as well as external offices and internal Lufthansa departments, for fulfilling the purposes specified in 4.

7. Statutory periods for deleting data
After expiration of storage obligations and periods as decreed by regulatory authorities, the relevant data is routinely deleted. Any data to which this does not apply is deleted if it is not needed fur the purposes specified in 4.

8. Planned transmission of data to other countries
Data is transmitted to authorities, customers, and suppliers in various countries within the context of conducting transactions that fulfill the business purpose in accordance with the above-named international regulations.

9. Security measures
Deutsche Lufthansa AG takes safeguarding measures pursuant to §9 BDSG by practicing caution when awarding contracts, by maintaining appropriate quality regulations, and by training its staff.

Deutsche Lufthansa AG
Group data protection officer

Star Alliance