Privacy statement

We take the protection of your personal data seriously and would like you to feel at ease and secure when visiting our business customer portal and its associated website. Protecting your privacy during processing is an important concern for us, which we take into account in all our business processes and is carried out in accordance with the statutory provisions.

1.    Responsible party  

We, DEUTSCHE LUFTHANSA AG (Deutsche Lufthansa AG, Lufthansa Aviation Center, Airportring, 60546 Frankfurt am Main) (hereinafter also referred to as "Lufthansa," "we," "us"), hereby inform you as follows regarding the processing of your personal data while using our website: (hereinafter also referred to as "website"). 

2. Contact for data protection topics 

If you have any further questions about data protection in connection with our website or any of the services it offers, please contact our data protection officer: 

Group data protection officer of the Lufthansa Group 
Deutsche Lufthansa AG 

Please send a request for information to: 
Deutsche Lufthansa AG                     
Data protection                         
60546 Frankfurt 

If you contact us by e-mail, our communication will be unencrypted. 

Collection and processing of personal data 
Lufthansa GenerationFly  stores your personal information if you provide it to us yourself, as part of the GenerationFly verification process.  
Limitations on use and disclosure of personal data 
We will not share your personal data with third parties. Any partner services offered on are booked directly with these partners. You will be advised of this accordingly.  
Some of our services give you the opportunity to store personal information (e.g. FAQ). Such information will only be used to respond to your current inquiry. After your inquiry is closed, this information will not be retained without requesting your permission to do so. 
If Government agencies or authorities ask us to collect or share personal data, we will do so only within the appropriate legal frameworks. We require our employees, suppliers and partners to maintain confidentiality and data secrecy in accordance with Article 5 of the German Federal Data Protection Act. 
All airlines are required by law to provide the US Customs and Border Protection with the flight and reservation details of every passenger entering the USA. This information is to be used exclusively for security purposes.
Further information is available here.
Data security 
Lufthansa uses technical and organizational security measures to protect the data we hold about you against accidental or deliberate manipulation, loss, deletion or unauthorized access. Our security measures are being improved continuously as new technology develops. The processing and transmission of data is encrypted by the SSL (Secure Sockets Layer) protocol. 
Google Analytics 
This website uses Google Analytics, a web analysis service of Google Ireland Limited, (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). It includes the use of “Universal Analytics” technology, which makes it possible to assign data, web sessions and interactions on several devices to an anonymised user ID, thus enabling an analysis of a user’s activities across multiple devices. 

Google Analytics uses so-called “cookies”, text files which are saved on your computer and which enable an analysis of your usage of the website. Information generated by the cookie about your usage of this website is generally transferred to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, your IP address will be shortened by Google within the member states of the European Union or in other states which are party to the Agreement on the European Economic Area before the transfer takes place. Only in exceptional circumstances will the complete IP address be transferred to a Google server in the USA and shortened there. The IP address of your browser conveyed in the context of Google Analytics will not be joined with other Google data. Google will use this information on behalf of the operator of this website to evaluate your usage of the website in order to compile reports about the website activities and to provide the website operator with additional services in connection with the usage of the website and the internet. These purposes also constitute our legitimate interest in the data processing. The legal basis for the use of Google Analytics is Section 15(3) German Telemedia Act (TMG) and Art. 6(1), Subparagraph 1(f), GDPR. Sessions and campaigns are terminated on expiry of a fixed period. The fixed period for the termination of sessions is generally 30 minutes without activity, and for campaigns the limit is six months. The maximum permissible time limit for campaigns is two years. More information about conditions of use and data protection can be found at or at

You can prevent cookies from being installed by activating a corresponding setting in your browser software; however, we must inform you that, in this case, it is possible that you will not be able to use all the functions of this website entirely. Furthermore, you can prevent the capture of data by Google relating to your use of the website generated by the cookie (including your IP address), as well as the processing by Google of this data, by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when visiting this website. To prevent the capture of your data across multiple devices by Universal Analytics, you must complete the opt-out process on all systems you use. Click here to install an opt-out cookie: disable Google Analytics

Tealium IQ is a tag management system used to load tracking pixels from third-party providers onto the website. Tealium uses a cookie to collect some non-personal data in order to optimise loading of the tracking pixels. This cookie expires after 12 months. 

The Tealium cookie stores the following information: 

  • Timestamp of the website visit 

  • ID for the page access 

  • ID for the visitor 

  • ID for the session 


Recipient of data 

To provide the website and services, the following categories of recipients receive data in order to process them on Lufthansa's behalf: 

  • Lufthansa Group airlines 


Right to object 

You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6 (1) point (e) or (f) GDPR. 
The controller will no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves for the establishment, exercise or defense of legal claims. 

Rights of the data subject 

Lufthansa attaches great importance to ensuring that our processing procedures are fair and transparent. In addition to the right to object, the GDPR also entails the following rights of the data subjects: 
Right of access by the data subject Article 15 GDPR 
Right to rectification Article 16 GDPR 
Right to erasure ("right to be forgotten"), Article 17 GDPR 
Right to restriction of processing, Article 18 GDPR 
Right to data portability Article 20 GDPR 
Right of appeal to a supervisory authority 
If you have given us permission to process your personal data, we hereby point out that you can revoke this permission at any time. 
To exercise your rights, you can contact us by e-mail at: To process your application and for identification purposes, we would like to point out that we will process your personal data in accordance with Article 6 (1) point (c) GDPR.