Data protection declaration
Deutsche Lufthansa AG (Venloer Straße 151-153, 50672 Cologne, Germany) (hereinafter also “Lufthansa”, “we”, “us”) wishes to inform you below of how your personal data are processed within the context of the PartnerPlusBenefit program and website.
Any mention of Lufthansa Group Airlines below refers to the Lufthansa, SWISS International Airlines AG, Austrian Airlines AG and Eurowings GmbH airlines. The Lufthansa Group comprises the Lufthansa Group Airlines and the other companies that make up the Lufthansa Group.
If you have any further queries regarding data protection in connection with our website or the services offered there, please contact our data protection officer:
Group Data Protection Officer for the Lufthansa Group
Deutsche Lufthansa AG
Please send requests for information to:
Deutsche Lufthansa AG
If you contact us via email, the communication is unencrypted.
II. Your personal data
In order to make a PartnerPlusBenefit membership possible for you, we collect personal data from you in the application form. These data consist in particular of your last name, first name, gender and company address. Furthermore, in certain processes, you must provide additional compulsory information so that we can complete your registration and any subsequent processes, such as sending out a confirmation e-mail. This includes data such as an e-mail address or a telephone number.
III. Use and disclosure of personal data and restriction of use
a) Use to improve our offering
PartnerPlusBenefit processes and uses your personal data for service purposes within the website www.partnerplusbenefit.com; in other words, to provide individualized offers to your needs and/or to make repetitive inputs unnecessary or to limit these to no more than the extent necessary. For this purpose we save your provided data in our Customer Relationship Tool of Deutsche Lufthansa AG.
Your data may be analyzed in a data warehouse to evaluate the preferences of the registered customers (“statistical analysis”) for the purposes of interest-led marketing, individual approaches and continuous optimization of our business processes. We undertake this processing in order to acquire a better understanding of what our customers expect from us and to offer individually tailored communication. This analysis also helps us with fraud detection, auditing and safeguarding security, which is why we perform this processing to protect our legitimate interests, Art. 6 (1) (f) GDPR.
The PartnerPlusBenefit website contains action-related pages for competitions and online promotions, as well as information pages such as the BenefitInfoLounge and other online guides. When these action-related pages and information pages are visited, our system automatically collects data and information from the computer system of the calling computer each time it is called up. The following technical data is collected: Information about the browser type and the version used, the user's operating system, the date and time of access, and websites from which the user's system accesses our website and which are accessed via our website.
b) Flight tickets
While booking airline tickets through PartnerPlusBenefit, as well as other flight related services, we will process your personal data (such as master data, contact details and payment details). Firstly this data is processed by us to fulfill the contract in order to issue your desired flight ticket and to send you the booking confirmation (Article 6 (1) (b) DSGVO), but also to safeguard our legitimate interests (Art. 6 (1) (f) DSGVO) and to provide you with relevant information about your booked flight and destination.
In that regard, we also refer to our notes on the processing of data in the context of passenger transport: Lufthansa Privacy Statement
c) Disclosure to third parties
Within the PartnerPlusBenefit program you have the option to purchase services provided by our partners. As a part of this personal data may be transmitted to third parties within or out of Deutsche Lufthansa AG in order to offer products and services according to our contractual obligations (Art. 6 Abs. 1 lit. b GDPR) and your agreement was issued (Art. 6 Abs. 1 lit. a GDPR). The data which you have provided may be sent to third parties insofar as this is necessary for the purpose of concluding or processing contracts by PartnerPlusBenefit.
For your protection and the protection of your personal data, appropriate safeguards are provided for such data transmissions as per and in accordance with legal requirements (particularly the use of EU standard contractual clauses).
In order to be able to offer you our products and services based on our contractual obligations, your personal data may be transmitted to third parties within or out of Deutsche Lufthansa AG. These third recipients can be categorized as follows:
• Service providers for contractual fulfilments
• Members of the Star Alliance or other Airlines
• Other suppliers and providers, e.g. Supply of the Website, supply of the Benefit WorldShop and transaction of orders, service center provider, Newsletter distribution, etc.
In order to be able to offer you our products and services, we use service providers as processors in accordance with Art. 28 GDPR. These service providers have been carefully selected and work exclusively to our instructions. They provide sufficient guarantees to comply with their obligations under data protection law.
The legal bases for the transmission of data to processors are listed in section 3 of the legal bases of this Data Protection Policy in conjunction with Art. 26 GDPR.
IV. Option right
During your registration we inquire the permission for an E-Mail option which gives you information about your account. Your permission refers to the processing of the following data: E-Mail address, First Name and Surname, salutation and favored language.
Furthermore you have the option to subscribe for a complimentary Newsletter. Your permission refers to the processing of the following data: E-Mail address, First Name and Surname, salutation and favored language.
If you have given us consent to the processing of your personal data, we hereby inform you that you can adapt and revoke this consent at any time in your PartnerPlusBenefit profile. You can revoke your newsletter consent at any time via the "Unsubscribe" link in the newsletter. Please note that the consent you revoke has only an effect on the future and has no influence on the legality of the processing in the past.
Legal basis of data processing is the option right according to Art. 6 Abs. 1 S.1 lit. a) GDPR.
V. Collection and processing of personal data
a) Functionalities for PartnerPlusBenefit members
On our website and in our app, we make a variety of functionalities available to you, which require the processing of personal data. These functionalities can only be accessed, for example, by PartnerPlusBenefit members after logging in with their identification details (Username and password).
The following functionalities are available to you as a logged-in PartnerPlusBenefit member:
• Profile view
• Award requests and use of platforms for spending and earning points
• Receiving customized information and offers
Where the use of functionalities requires you to provide more personal information, this will be identified on our website or in our app. Mandatory information is specifically identified; if mandatory information is not provided, the use of the particular functionality will not be possible.
The legal basis for this processing is Art. 6(1), Subparagraph 1(b) GDPR (Performance of contract and pre-contractual measures), as well as Art. 6(1), Subparagraph 1(a) GDPR (Consent), for the display of combined offers we have put together for you, as well as participation in surveys and competitions.
We may also offer you functionalities on our website and in our app, which can be used without logging in, but which nonetheless require the processing of personal data. These functionalities may include the use of the contact form for sending us enquiries or comments. The legal basis for the processing of your data is Art. 6(1), Subparagraph 1(b) GDPR (Performance of contract and pre-contractual measures).
b) Data processing when accessing our website
You can use our website without actively supplying personal data by registering or logging in to the PartnerPlusBenefit program. Even in this case, we must process certain information in order to enable your access to our website.
Our server automatically recognises the following data (so-called log files):
• Domain name
• Date and time of your visit
• Your client file request (file name and URL)
• http response code
• Number of bytes transferred during the session
• IP address of your terminal
• Device properties, such as the operating system
• Website referrer (information about the website that you accessed immediately before visiting our website)
• Location data (without your permission, only the region)
This data will be processed and retained for 90 days to check security incidents, in order to allow you technically to access the website, as well as to ensure its stability and security. The legal basis for this processing is Art. 6(1), Subparagraph 1(f) GDPR (legitimate interest - company interest in technical stability of the website).
Furthermore, your IP address will be processed in a pseudonymised form in order to protect our website from outside attack (e.g. hacker attack, botnet attacks, other attempted fraud). Your IP address will not be saved with your profile and we cannot trace it back to you personally (without considerable and disproportionate effort). The legal basis for this processing is Art. 6(1), Subparagraph 1(f) GDPR (balancing of interests - company interest in security of the system).
Furthermore, we use technology for the recognition of your terminal, such as cookies or local storage, for example.
In order to use the functionalities, you can log on to our website with your PartnerPlusBenefit username and password. In addition to the data described, your personal data, as well as other data after a login, will be processed as described in this Data Protection Policy.
c) Cookies/Web Beacons/Local Storage
We use so-called cookies, local and session storage and web beacons to ensure that our service is as user-friendly as possible.
A “cookie” is a small text file which a web server sends to your browser when you visit a website. It depends on your browser’s settings as to whether the cookie file is stored or deleted. If the file is stored, our webserver can recognize your terminal. Next time you visit the site or when you switch between functions requiring you to enter a password, the cookie can save you from re-inputting information. This is how cookies make it easier for you to use websites requiring user input.
• Session cookies
These expire at the end of the browser session and can capture your activities during the browser session. They are deleted when you finish your browser session.
• Permanent cookies
These are saved on your terminal between different browser sessions and are able to capture your settings or activities on multiple websites. These are deleted after a predefined period, which can vary according to the cookie. You can, however, delete the cookies at any time in your browser settings.
• Session storage
• Local storage
Furthermore, we distinguish between the following categories of cookies:
• Operationally necessary
These cookies are absolutely necessary to operate the site and facilitate, for example, login, redeeming miles and security features. Furthermore, these cookies allow us to recognize whether you wish to remain logged in to your profile, so that you can access our services more quickly the next time you visit our website.
We collect anonymized data for the purpose of statistics and analysis so that we can continue to improve our services and website. These cookies allow us, for example, to determine visitor numbers and the effect of certain pages of our website, as well as to optimize our content.
These cookies are used to show you personalized content tailored to your interests. This makes it possible to present offers that are especially relevant to you.
You can set up your browser to accept or block cookies. Furthermore, you can set it up to delete all cookies at the end of a session or delete individual cookies manually. Please note that if you block or delete certain cookies, the functionalities of our website may be limited or no longer available. In this case, you will not be able to access your personal profile nor receive any content that is tailor-made for you. It could be that your browser is also already set up to display an alert every time it accepts a cookie. This alert can be very annoying, as every single time a page is called up on our website, the identification cookie has to be sent again. You can specify this setting for single websites on an individual basis.
Web beacons are small graphic files (also known as “tracking pixels”, “pixel tags” or “clear GIFs”), which may be contained in our websites, apps, applications and newsletters and are normally installed in conjunction with cookies. All of the above-mentioned information about cookies applies also to web beacons. So web beacons will not be installed if you have refused the use of the respective cookies.
We use the so-called local storage functionality. This means that your data are stored in the cache of your browser after login and will not be deleted after closing the browser window - unless you delete the cache - and can be retrieved the next time you access the website. By using local storage, we facilitate the correct display of your data when you are surfing our website without slowing the process down unnecessarily or overloading the interfaces.
If you do not want local storage to be used, you can change your settings accordingly at any time in your browser settings.
The legal basis for the use of operationally relevant cookies is Art. 6(1), Subparagraph 1(b) GDPR (Performance of contract and pre-contractual measures). The company’s interest in cookies lies in statistical usage and for the purpose of personalization in the ongoing development and relevance of the website and program. Furthermore, the company’s interest in cookies lies in speeding up processes and avoiding system overload.
d) Tracking tools for website analysis
We use certain analysis procedures both on our website. The following points explain the analysis procedures and integration.
Website analysis with etracker:
Website analysis with Webtrends:
Deutsche Lufthansa AG carries out access measurements on the PartnerPlusBenefit Website using the web analysis tool Webtrends. Cookies are used for measurement and the access data is collected in an anonymized form so that no connection can be made to a user. In particular, this is done by anonymizing the IP address.
You can prevent cookies from being installed by activating a corresponding setting in your browser software; however, we must inform you that, in this case, it is possible that you will not be able to use all the functions of this website in full. Furthermore, you can prevent the capture of data by Google relating to your use of the website generated by the cookie (including your IP address), as well as the processing by Google of this data, by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent the capture of your data across multiple devices by Universal Analytics, you must complete the opt-out process on all systems you use. Click here to install an opt-out cookie:
Switch of tracking
e) Duration of the data processing
We process your data as long as it is required to fulfil our contractual and statutory obligations. If the purpose for which your data were processed no longer applies, such data are deleted, unless the retention thereof is required for the following purposes: To fulfil retention periods under commercial and tax law that derive from the Commercial Code or the Tax Code (these periods can be up to 10 years) and to retain evidence as part of the provisions on limitation periods. Under §§ 195 ff. of the Civil Code (these limitation periods can be up to 30 years, whereas the standard limitation period is three years). In these cases, your data are blocked so that they cannot be processed for other purposes.
VI. Rights of the data subject
Deutsche Lufthansa AG is committed to ensure fair and transparent data processing. That is why it is important to us that data subjects cannot only exercise their right to object but also the following rights where the respective legal requirements are satisfied:
• Right of access, Art. 15 GDPR
• Right to rectification, Art. 16 GDPR
• Right to erasure (“right to be forgotten”), Art. 17 GDPR
• Right to restriction of processing, Art. 18 GDPR
• Right to data portability, Art. 20 GDPR
• Right to object pursuant to Art. 21 GDPR
To exercise your right, please email email@example.com.
In order to process your request and for identification purposes, please note that we will process your personal data in accordance with Art. 6 (1) (c) GDPR.
You also have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority for Deutsche Lufthansa AG is:
National commissioner for data protection and freedom of information Nordrhein-Westfalen
Postfach 20 04 44
VII. Right to object under Art. 21 GDPR
For reasons arising from your specific situation, you have the right to submit an objection to the processing of your personal data based on Art. 6 (1) e) or f) GDPR at any time. We will no longer process the personal data that concern you, unless we can prove that there are compelling reasons for the processing that are worthy of protection and that outweigh your interests, rights and freedoms, or if the processing is used to enforce, exercise or defend legal claims.
If the personal data concerning you are processed to operate direct advertising, you have the right to submit an objection against the processing of your personal data for the purposes of such advertising at any time. If you object to processing for the purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.
You have the option of exercising your right of objection in connection with the use of the services of the information company using an automated procedure - notwithstanding Directive 2002/58/EC - in which technical specifications are used.
You can object to the processing of your personal data at any time, for example by using our contact form as described in section 9 of the Data Protection Policy.
VIII. References and data collection on third-party websites
You can reach third-party websites via links from our website which are not operated by us. For example, these may be the websites of partner companies where you can earn miles or where special offers are made available for Miles & More members. We have no influence over the processing of your personal data on such third-party websites; this is dealt with by the relevant website provider. Therefore please read the conditions of use and data protection information on these websites in order to get more precise information about the processing of personal information on these websites.
IX. Disclaimer, limitations and updates of this data protection notices
These data protection notices only apply to processing for this website and in the context of the PartnerPlusBenefit program. Other websites are not covered by these data protection notices and provide their own specific data protection notices.
We check these data protection policies regularly and we will update these as necessary. Where there are significant changes made to this Data Protection Policy, we will inform you.