We, Lufthansa Aviation Training GmbH (hereinafter also referred to as “LAT GmbH” or “we”, or “us”), would like to provide you with information on how we process your personal data when you use our website https://european-flight-academy.com (“website”).
2. Contact Information
Should you have any further questions regarding data protection in connection with our website or the services offered on it, please contact our data protection officer:
Lufthansa Group Data Protection Officer
Deutsche Lufthansa AG (DLH)
3. Scope, Purpose, and lawful Basis of processing personal Data
We collect and use personal information directly from our users or from other sources (as described below) in the following situations:
3.1. Use of the Website and Creation of Log Files
When users visit our website, our system automatically collects data and information about the computer accessing our website each time our website is accessed. In the process, the following data (“technical information”) is collected:
(1) Information about the type and version of browser used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) The date and time the website was accessed
(6) Websites from which the user accessed our website
(7) Websites and files that were accessed by the user’s system from our website, as well the following information: the method of access and protocol
(8) The size of the file/page accessed
This data is also saved in our system’s log files. This data is not stored together with any other personal data about the user. We collect and use this technical information for purposes of (network) security (e.g. to combat cyberattacks), marketing, and to better understand the requirements of our users, as well as to continuously improve our website and enable the respective user to access the website from their computer. This information is stored in log files to guarantee the website’s functionality. In addition, we use the data to optimize our website and to ensure the security of our information technology systems. We do not process the data collected in this context for marketing purposes. The lawful basis for the temporary storage of data and log files is article 6(1)(f) of the GDPR.
european-flight-academy.com uses the following cookies
3.1.2. Tracking Tools
We use the following tracking and marketing tools (including for remarketing) on our website:
Google Analytics (https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en)
This website uses Google Analytics, a web analysis service of Google Ireland Limited, (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). It includes the use of “Google Analytics 4” technology, which makes it possible to assign data, web sessions and interactions on several devices to an anonymised user ID, thus enabling an analysis of a user’s activities across multiple devices.
3.1.3. Advertising Cookies
These are the cookies we use:
Meta-Pixel (formerly Facebook Pixel)
To measure conversion rates, this website uses the visitor activity pixel of Facebook/Meta. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.
This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.
For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/). This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European
Commission. Details can be found here:
In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at:
You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you first have to log into Facebook.
If you do not have a Facebook account, you can deactivate any user-based advertising by Facebook on thewebsite of the European Interactive Digital Advertising Alliance:
If you click here, the opt-out cookie will be set: Disable Facebook/Meta
This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited
(“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.
For more information about Google Conversion Tracking, please review Google’s data protection policy at:
This website uses the "TikTok Pixel", a tracking technology of the social network "TikTok" of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok"). With the help of cookies (small text files that are stored on the end device used), information about the surfing behavior on our website is collected in pseudonymized form, transmitted to TikTok, stored there and analyzed to then enable the playout of interest-based and personalized product recommendations on TikTok. The object of the information collected and processed pseudonymously in this way is basically the device ID, the device type, time stamp, the operating system used and the IP address. The information can be assigned to the person of the User with the aid of further information that TikTok has stored about the User, e.g. due to the ownership of an account on the social network "TikTok". TikTok may also combine the information collected through the pixel with other information that TikTok has collected through other websites and / or in connection with the use of the social network "TikTok", and thus create pseudonymous usage profiles. In no case can the collected information be used to personally identify visitors to this website. The TikTok Pixel further enables us to track the effectiveness of advertisements on TikTok. If the user is redirected from an ad on TikTok to pages on this website and the cookies have not yet expired, the pixel captures and can track certain user actions predefined by us (e.g., completed transactions, leads, searches on the website, views of product pages). When such an action is performed, your browser sends an HTTP request from the cookie to TikTok's server via the TikTok pixel, with which certain information about the action is transmitted. Through this transmission, TikTok can compile statistics about the usage behavior on our website after forwarding from a TikTok ad, which serve us to optimize our offer. All processing described above, in particular the setting of cookies for the reading of information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) lit. a DSGVO. You can revoke your consent at any time with future effect by deactivating this service in the Content Manager tool provided on the website. We have concluded an order processing agreement with TikTok for the use of the TikTok Pixel, which obliges TikTok to protect the data of our site visitors and not to pass it on to third parties. TikTok generally transmits collected information outside the European Economic Area and relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.
If you click here, the opt-out cookie will be set: Disable TikTok
3.1.4 Other technologies
We use these other technologies:
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other
technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereafter Hubspot CRM).
To this end, HubSpot stores a cookie on your computer to collect the following data: Information about the computer you are using and your visit to our website, your IP address, your location, the browser you are using, referral source and the length of your visit to our website. HubSpot stores such data on its own server. Hubspot CRM enables us, among other things, to manage existing and potential customers and customer contacts, to communicate with you and to plan and execute marketing activities in line with your interests. Hubspot CRM enables us to capture, sort and analyze customer interactions via email, social media, or phone across multiple channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or marketing measures (e.g., newsletter mailings). Hubspot CRM also enables us to collect and analyze the user behavior of our contacts on our website.
The use of Hubspot CRM is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
The legal basis for the use of the aforementioned tools is our legitimate interest pursuant to article 6(1)(f) of the GDPR for the purposes of increasing the efficiency of our website and our marketing activities (including direct marketing)
Further information about the individual tools can be found in the Annex/Tracking Tool Policy.
3.2. Use of the Services offered on our Website
We offer a wide range of services on our website. In order to provide these services, we must collect and process personal data from users or our customers.
3.3. Processing personal Data on the Basis of our legitimate Interests
In the event that article 6(1)(f) of the GDPR is our legal basis for processing, in addition to the purposes listed above, our legitimate interests include:
- Protecting the company from material or immaterial damage
- Professionalization (of our products and services)
- Cost optimization (cost control and cost minimization)
3.4. Further Obligations to process Data
Insofar as we are legally obligated to do so, we also process personal data in order to comply with our obligation to retain data as set forth in applicable commercial or tax law or to meet security requirements (e.g. section 7 of the Luftsicherheitsgesetz (LuftSiG), German aviation security act). Further information about retention periods can be found under Duration of Data Processing.
3.5. Obligation to provide personal Data
In order to meet statutory or contractual requirements, we have marked the respective fields in the forms on our website that must be filled out so that we can perform the requested contract or service.
4. Duration of Data Processing
Your personal data will be erased as soon as it is no longer required for the aforementioned purposes. In this context, personal data may be stored for the period of time during which legal claims can be asserted against Lufthansa Aviation Training GmbH (statutory limitation period of three to thirty years). In addition, personal data is stored to the extent and for as long as Lufthansa Aviation Training GmbH has a legal obligation to do so. Corresponding documentation and retention obligations result from Germany’s Commercial Code, tax code, and money-laundering act, among others. Based on the aforementioned laws, data can be stored for a period of up to 10 years.
5. Right to object pursuant to Article 21 of the GDPR
You have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on point (e) or (f) of article 6(1) of the GDPR, including profiling based on those provisions.
If you make such an objection, the controller will no longer process your personal data unless the controller can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object, at any time, to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is conducted in conjunction with such direct marketing.
If you object to the processing of your personal data for direct marketing purposes, we will cease to process your personal data for this purpose.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to article 89(1) of the GDPR, you have, on grounds relating to your particular situation, the right to object to the processing of your personal data unless the processing is necessary for the performance of a task carried out for reasons of public interest.
6. Disclosure of personal Data to Third Parties
In order to be able to offer you our products and services based on our contractual obligations or in accordance with our legitimate interests, we may have to disclose your personal data to third parties within or outside the Lufthansa Group. These recipients can be categorized as follows:
- EFA Recruitment: Deutsche Lufthansa AG (BRE L/OTR) & Interpersonal
- Deutsches Zentrum für Luft- und Raumfahrt e.V. & other Service providers
- Website and Marketing Agency
In this context, personal data may be transferred to third countries or international organizations. For your protection and the protection of your personal data, such data transfers are subject to appropriate safeguards pursuant to and in accordance with the applicable legal requirements (in particular application of EU standard contractual clauses) or an adequacy decision adopted by the EU Commission (article 45 of the GDPR).
Information about EU standard contractual clauses can be found here: [https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=DE]. The EU Commission provides information on its adequacy decisions at [https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu].
You can also request a copy of the security measures we implement by sending an e-mail to datenschutz(at)dlh.de.
In addition, we are legally obligated to disclose personal data to German and international authorities pursuant to article 6(1)(c) of the GDPR in conjunction with local and international regulations and agreements.
7. Rights of the Data Subject
Ensuring our processing operations are fair and transparent is extremely important to Lufthansa Aviation Training GmbH. For this reason, it is important to us that you, as the data subject, can exercise the following rights, in addition to the right of objection, if the respective legal requirements are met:
· Right of access pursuant to article 15 of the GDPR
· Right to rectification pursuant to article 16 of the GDPR
· Right to erasure (“right to be forgotten”) pursuant to article 17 of the GDPR
· Right to restriction of processing pursuant to article 18 of the GDPR
· Right to data portability pursuant to article 20 of the GDPR
To exercise your rights, simply send an e-mail to datenschutz(at)dlh.de. In this case, we would like to point out that in order to process your request and to identify you, we will process your personal data in accordance with article 6(1)(c) of the GDPR.
In addition, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for Lufthansa Aviation Training GmbH is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA, Bavarian data protection authority)
Promenade 27 (Schloss),
91522 Ansbach, Germany
European Flight Academy – Applicant Data Protection
Lufthansa Aviation Training GmbH has engaged Deutsche Lufthansa AG, BRE LO/T-R to process online applications and administer the screenings/aptitude tests for the European Flight Academy’s ab initio courses.
Since protecting your personal data is very important to us, we would like to inform you about the following data protection principles that Deutsche Lufthansa AG is committed to observing as part of a transparent application process.
We process and use your personal data in our applicant management system exclusively for the purposes necessary to ensure that the application process is conducted effectively and properly.
If you submit an application yet are not accepted onto a course, we save a recognition record with your personal data. We need this record in order to recognize you if you apply again. This recognition record contains the following information: Your last name, first name, date of birth, and history of your participation in screenings/aptitude tests.
When your data is transferred to the applicant management system, it is automatically encrypted by LAT. In this context, the data security measures we implement always correspond to the current state of the art.