Privacy & Terms
General Terms and Conditions
The information provided on this site is intended for Lufthansa Technik's customers and for other interested persons and provides information of a general nature only. It is not intended to create any legal obligation of Lufthansa Technik.
Lufthansa Technik has taken great care to compile the information and to ensure that it is correct and complete. The information is updated at irregular intervals. As such information may be subject to rapid and recurrent changes, we would like to point out that despite all efforts, the information may occasionally be out of date, incorrect or incomplete. As a result, LufthansaTechnik provides this information "as is" and makes no assurance or warranty with regard to such information.
The website and its content is not intended for persons in jurisdictions which do not permit the distribution or the access to the content of this site. It is the responsibility of the user to comply with any such limitations before accessing this site.
We, Lufthansa Technik AG (Weg beim Jaeger 193, 22335 Hamburg, Germany) (hereinafter also "LHT", "we", "us"), wish to inform you how your personal data is processed when you use
- our Website www.toolnow.com ("website") or
- the B2B platform ToolNOW sso.app.toolnow.com/ app.toolnow.com ("application").
The ToolNOW application could also be accessed by registered users via the B2B platform AVIATAR www.aviatar.com.
If you have any further queries regarding data protection in connection with our website or the services offered, please contact our data protection officer:
Group Data Protection Officer for the Lufthansa Group:
2. Scope, purpose and legal basis of processing personal data
We collect and use personal data directly from our users and other sources (mentioned below) in the following situations:
2.1 Provision of the website and log file creation
Whenever users visit our website, our system automatically records data and information from the computer system used to call our website. The following data ("technical information") is collected in the process:
- Information on the type of browser used and its version
- The user's operating system
- The user's Internet service provider
- The user's IP address
- The date and time of access
- Websites from which the user's system accesses our website
- Websites that the user's system calls from our website.
The log files contain IP addresses or other data that may, in some cases, enable them to be associated to a user. That may be the case, for example, if personal data is contained in the link to the website from which the user enters our website, or the link to the website to which the user switches.
The data is likewise stored in our system's log files. This data is not stored together with other personal data of the user.
We collect and use this technical information for purposes of (network) security (such as to combat cyberattacks), marketing, and to be able to better understand our users' needs, as well as to continuously improve our website and to enable us to deliver the website to the user's computer system.
The data is stored in log files in order to ensure that the website functions properly. This data also helps us optimize the website and ensure the security of our IT systems. It is not analysed for marketing purposes in this connection.
The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the EU General Data Protection Regulation (GDPR).
For further information on the cookies used by us, their purposes and legal basis, please refer to appendix "Tracking Tool Policy".
2.1.2. Tracking tools
We are using the tracking tool eTracker on our website and "Usabilla for Apps" feedback services from Usabilla to analyse user feedback on our application.
For further information on the cookies used by us, their purposes and legal basis, please refer to appendix "Tracking Tool Policy".
2.2. Use of the services offered on our website
2.2.1. Requesting an application demo / Contact Me
To contact us and/or request a demo of the application you will be asked to provide:
- Your email address
Your email address will be deleted after you have been contacted / watched the demonstration.
This data is initially processed in order to take steps at the request of the data subject for the purposes of our legitimate interests (Art. 6 (1)(f) GDPR)
2.2.2. Register for ToolNOW
To register for the application you will be asked to provide
- Your company name
- Company group email account
We do not use personal data, such as personal email addresses within the application. Usage of private email addresses is inadmissible.
As a next step of the registration process to register to the application you will be asked to provide mandatory information about your company such as customer type, company name and address, VAT reg. Number, responsible accounting clerk (Name, Department, Telephone, Email), requested application role and other non-personal data.
In the event a registration has not been completed, the data will not be saved.
This data is initially processed in order to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) GDPR).
2.2.3. Data automatically processed while using ToolNOW
Every time you use the internet your internet browser will automatically transfer certain information that we will store in so-called log-files.
The log-files will solely be stored for the detection of malfunctions and security reasons (e.g. attack detection) for a period between seven and ten days. Log-files will be stored for a longer period of time and might be transferred to investigating authorities if they are needed as evidence if an incident took place. They will be subject to restriction of processing upon the final clearance of the matter.
In particular, log-files include the following information:
- IP address of the network from which the online service is accessed,
- Date and time of request,
- Size of transferred data,
- URI of the accessed data,
- Operating system and information regarding the internet browser used, including add-ons,
- HTTP Response Status Code
For special forms of automatic data processing, such as cookies, please refer to appendix "Tracking Tool Policy".
2.2.4. Statistical analysis
There is a possibility that your data may be analysed in a data warehouse to evaluate the preferences of our registered customers ("statistical analysis") for the purposes of interest-led marketing, individual approaches and continuous optimisation of our business processes. We undertake this processing in order to acquire a better understanding of what our customers expect from us and to allow us to offer you communication that is tailored to you personally.
This analysis also helps us with fraud detection, auditing and safeguarding security, which is why we perform this processing to protect our legitimate interests, Art. 6(1)(f) GDPR.
Our legitimate interest in processing personal data
If Art. 6(1)(f) GDPR forms the legal basis for the processing, our legitimate interests are, in addition to the purposes listed above:
- To protect the company against material and immaterial damage
- Professionalism (of our products and services)
- Cost optimisation (control and minimisation)
2.3. Other processing commitments
If obliged to do so by law, we process personal data in order to meet duties of retention under commercial or tax law or to meet legal security requirements (such as Section 7 of the Aviation Security Act [LuftSiG]). For further information on retention periods, please refer to "Duration of the data processing".
3. Duration of the data processing
Your personal data are deleted as soon as they are no longer needed for the specified purposes. In certain circumstances, personal data are kept for the period of time during which claims against Lufthansa Technik AG may be enforced. Personal data are also saved to the extent that and for as long as Lufthansa Technik AG is legally obliged to do so. Corresponding burdens of proof and duties of retention arise from, among others, the Commercial Code, Tax Code and Money Laundering Act. These prescribe retention periods up to ten years.
4. Right to object pursuant to Art. 21 GDPR
You have the right to object, on reasons relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or processing is necessary for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
5. Disclosure of personal data to third parties
In order to offer you our products and services, based on our contractual obligations or in accordance with our legitimate interests, we may have to disclose your personal data to third parties internal or external to the Lufthansa Group. These recipients can be categorised as follows:
- LHT subsidiaries for technical services
- Service providers: Marketing, IT, Payment services
Personal data may be transmitted to third countries or international organisations as part of this. For your protection and the protection of your personal data, appropriate safeguards are provided for such data transmissions as per and in accordance with legal requirements (particularly, the use of EU standard contractual clauses) or an adequacy decision has been issued by the EU Commission (Art. 45 GDPR).
For information on EU standard contractual clauses, please visit https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=DE. The EU Commission provides the relevant information relating to its adequacy decisions at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu.
A copy of the security precautions used may also be requested from email@example.com
We are also legally obliged to provide personal data to German and international authorities, Art. 6(1)(c) GDPR together with local and international regulations and agreements.
6. Rights of the data subject
Lufthansa Technik AG is committed to ensuring fair and transparent processing. That is why it is important to us that data subjects can not only exercise their right to object but also the following rights where the respective legal requirements are satisfied:
- Right of access, Art. 15 GDPR
- Right to rectification, Art. 16 GDPR
- Right to erasure ("right to be forgotten"), Art. 17 GDPR
- Right to restriction of processing, Art. 18 GDPR
- Right to data portability, Art. 20 GDPR
To exercise your right, please email firstname.lastname@example.org. In order to process your request and for identification purposes, please note that we will process your personal data in accordance with Art. 6(1)(c) GDPR.
You also have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority for Lufthansa Technik AG is:
Der Hamburgische Beauftragte fuer Datenschutz und Informationsfreiheit
Phone: +49 40 42854-4040
Fax: +49 40 4279-11811
If you give your consent to us for processing your personal data, please note that you may withdraw this consent at any time.
If you gave this consent on the website, please visit the page where you originally gave consent in order to withdraw consent in the settings.
In all other cases or if you have problems withdrawing your consent on the website, you can contact email@example.com.
Please note that your consent can only be withdrawn with future effect and such a withdrawal does not have any influence on the lawfulness of past processing. In some cases, we may be entitled in spite of your withdrawal to continue to process your personal data on a different legal basis e.g. to perform a contract.
8. Disclaimer and limitations of these data protection notices
Appendix – Tracking Tool Policy
A cookie is a small element of data that can be exchanged between an Internet site and a client's browser. It can be stored on either side to enable the Internet application to recognize the client on return. You can set your browser to notify you when you receive a cookie, and you may choose to accept the cookie or not. If you do not accept the cookie, the corresponding Internet page cannot be accessed. If you accept the cookie, you can delete it after the session
Cookies served through our Website
The tracker "eTracker" uses the following types of cookies, whose scope and functioning principles are discussed in the following:
- Transient cookies (a)
- Persistent cookies (b).
a) Transient cookies are automatically deleted if you close the browser. They include session cookies in particular. They save what is referred to as a session ID, which can be used to assign different queries from your browser to the joint session. As a result, your computer can be recognized if you return to our website. The sessions cookies are deleted if you close the browser.
b) Persistent cookies are automatically deleted after a specified amount of time that can differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
Please refer to section Tracker for more information about eTracker.
Cookies served through the application
For authentification and accessing the application
- Transient (a) and
- Persistent cookies (b)
a) Transient cookies are automatically deleted if you close the browser. They include session cookies in particular. They save what is referred to as a session ID, which can be used to assign different queries from your browser to the joint session. As a result, your computer can be recognized if you return to our application. The sessions cookies are immediately deleted after you log out or close the browser.
b) Persistent cookies are automatically deleted after a specified amount of time that can differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser. Persistent cookies are used to remember the user to simplify the log in.
You can configure your browser settings as you please and, for instance, reject the acceptance of third-party cookies or all cookies. Please note that you may not be able to use the application.
We use eTracker as a tracking tool. Its functions are explained in the following paragraphs.
eTracker stores data on visitors, IP addresses and the device and domain data of visitors. This data is stored in truncated form or encrypted so that it is not possible to identify the individual user from it.
The collected data is administered in a data center located in Hamburg, Germany using the highly secure, high-quality and highly available data center infrastructure of IPHH Internet Port Hamburg GmbH, which is certified as complying with ISO/IEC 27001:2013.
eTracker gives us insights into the following data:
- When the website was accessed (month, year, week, day, time of day)
- What devices were used to access the website and what browser and operating system those devices use
- What individual pages of the website are visited
- Visitors' regions and languages
- Visitors' click behavior:
- Click paths, click frequency
- Dwell times on the individual pages of the website
- Most-clicked pages on the website
- Where the website was accessed from (referrer)
- How often the website or its individual pages were called
- Whether and how visitors return to the website or its individual pages
You can obtain more information on this tracking tool at: www.eTracker.com