Register of procedures
of the data protection officer

Public register of procedures with regard to the processing of personal data

Conforming to §4g II pg. 2 of the BDSG (German Data Protection Act) the data protection officer has to provide the information given in enumeration 1 - 8 of this document in accordance with §4e sent. 1 BDSG upon request in an adequate way. 

1. Name of the legal entity

Lufthansa Technik AG 

2. Executive Board

Dr. Johannes Bussmann (Chairman)

Dr. Thomas Stueger

Constanze Hufenbecher

Antonio Schulthess 

3. Address of the legal entity

Lufthansa Technik AG
Weg beim Jaeger 193
22335 Hamburg
Germany

Authorized Director of Data Processing :
Carsten Fleer, HAM TI (interim CIO)
Company Data Protection Officer: Dr. Barbara Kirchberg-Lennartz, FRA RD 

4. Purpose of data collection, processing, or use

The business purpose of the company is to provide maintenance, repair and overhaul of aircraft, engines and components worldwide. Lufthansa Technik AG also provides the management of aircraft fleets as independent provider. To suffice this purpose Lufthansa Technik AG maintains settlements and technical facilities worldwide.
For reasons demanded by business purposes, the company is authorized to establish branch offices and facilities both domestically and abroad, to participate in other companies both domestically and abroad, to acquire and to establish such companies, as well as to enter into all transactions including joint venture contracts. It may cede its operations wholly or partially to such companies.

Data is collected, processed, and used for the above-mentioned purpose. Highlights of the processing of personal data are the following areas:
• Human Resources (Administration and Development)
• Suppliers (Administration according to GoB criteria (German GAAP))
• Customers (Customer Relationship Management)
• Head Office and Management functions pursuant to the EDP General Employee/Works Council Agreement between Lufthansa AG and labor-management relations agencies. 

5. Description of groups of persons affected and their related data or data categories

Customer data, employee data, as well as data from suppliers, to the extent that this is necessary to fulfil the purposes specified in 4. 

6. Recipients or categories of recipients to whom data may be disclosed

Public service authorities where high-priority legal regulations demand, external contractors according to §11 BDSG, as well as external offices and internal Lufthansa departments, in order to fulfil the purposes specified in 4. 

7. Statutory periods for deleting data

After expiration of storage obligations and periods as decreed by regulatory authorities, the relevant data is deleted routinely. Any data to which this does not apply is deleted if it is not needed for the purposes specified in 4. 

8. Planned transmission of data to other countries

Data is transmitted to authorities, customers, and suppliers in various countries within the context of conducting transactions that fulfil the business purpose in accordance with the above-named international regulations. 

9. Security measures

Lufthansa Technik AG takes safeguarding measures pursuant to §9 BDSG by practicing caution when awarding contracts, by maintaining appropriate quality regulations, and by training its staff.

Lufthansa Technik AG
Group data protection officer

Last modification 26 July 2017