Information regarding the new General Data Protection Regulation (GDPR)
Dear Sir or Madam,
In accordance with Article 13 and Article 14 of the General Data Protection Regulation (GDPR), we are obligated to inform you about the processing of your personal data:
Lufthansa City Center Reisebüropartner GmbH (LCR)
Lyoner Straße 36
Telefon: +49 69 660 75 100
Telefax: +49 69 660 75 110
Contact details of the data protection officer
Data Protection Officer
Dipl.-Ing. Hans-Detlef Krebs
Am Stift 4 - 6
Telefon: +49 69 660 75 100
We will process the following personal data for the purpose of fulfilling a contract, for our legitimate interest in customer retention, for direct marketing purposes and for the purpose of establishing an initial business contact:
Name, address, company, telephone/fax number, e-mail address, PNR, information regarding newsletter subscriptions, as well as the respective department, function, secretary and/or supervisor where applicable.
In addition to our legal obligations concerning storage, documentation and reporting, we will store the personal data that is required for fulfilling the contract for the duration of the business relationship. In addition, we have also defined and documented the deletion periods for all other processing procedures. This data will be deleted immediately upon expiry of its purpose and the statutory retention obligations.
Legal basis for processing
We shall process your data exclusively in accordance with legally compliant bases such as GDPR Article 6 (1) a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (1) b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (1) c) processing is necessary for compliance with a legal obligation to which the controller is subject; (1) f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third part. In order to safeguard the legitimate interests of the person responsible, we shall use the data in accordance with Recital 47 of the GDPR.
Origin of the data:
We have either acquired this information from you yourself, your company, or from public sources such as the commercial register, your website, phone book, representatives, etc.
All of the employees in our company who serve our customers and/or suppliers and those who maintain our software have access to this data. Our data processing systems and our electronic communication systems are partly supported by our external cooperation partners for support and maintenance purposes. Contracts are concluded with such partners in accordance with GDPR Article 28.
If required for cooperation with you and/or your company, this data can also be viewed by authorized employees from our subsidiaries and/or international representatives. Please see the following link for an overview of LCRs international distribution network: Overview
If our international representatives or subsidiaries are located in a third country, contracts shall be concluded pursuant to EU standard contractual clauses; for USA this shall be Privacy Shield, if applicable, or the EU adequacy decision shall apply.
In addition, your name and address (and your telephone number if required) shall be transferred to the transport company commissioned by LCR to deliver the ordered product(s).
We would like to inform you that you have the right, at any time,
- to request information about the specific data we have processed (GDPR Article 15);
- to have your data rectified or corrected (GDPR Article 16);
- to have your data deleted, unless there is a legitimate reason for its further retention (GDPR Article 17);
- to demand the restriction of your personal data being processed (GDPR Article 18);
- to object to data processing (GDPR Article 21);
- to request the transfer of your personal data in a structured, common and machine-readable format (GDPR Article 20).
Furthermore, you also have the right to lodge a complaint with a supervisory authority (GDPR Article 77):
If you believe that the processing of your personal data infringes the data privacy law or your data protection claims have been violated in any another way, you can complain to the supervisory authority.
Der Hessische Datenschutzbeauftragte
Prof. Dr. Michael Ronellenfitsch
Postfach 31 63
Telefon: 06 11/140 80
Telefax: 06 11/14 08-900
Homepage: http://www.datenschutz.hessen.de (externer Link)
All of the other data protection authorities in the respective EU member states can be found under the following link:
We would like to point out that in the event of non-provision of personal data and/or in the case of its revocation, the fulfillment of (contractual) obligations by LCR shall be made difficult or even impossible under certain circumstances.