Privacy Declaration Campus+
How we respect and protect your personal data.
This privacy declaration informs you comprehensively about the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") within the Campus+ online service and the associated websites, functions and content. In addition, we inform you about your rights under applicable data protection law.
This privacy declaration was last updated on: 05.01.2022.
By using the Campus+ portal and by clicking the checkbox "I agree to the data protection provisions" when registering or logging in to this site or when confirming your interest in a specific placement in an employment relationship with an employing company on whose behalf we provide services, you declare your unrestricted consent (declaration of consent) that the information you provide may be processed in the manner described in these data protection provisions.
1. Responsible Entity acc. Art. 4 DSGVO
Lufthansa Aviation Training GmbH
Data Protection Officer
Konzern-Datenschutzbeauftragter der Lufthansa Gruppe
DEUTSCHE LUFTHANSA AG
Venloer Straße 151-153
Additionally the entity:
D-22335 Hamburg, Germany
Tel.: +49 (0) 40 / 48 40 49-0
processes the data required for the Campus+ online service as order processor on behalf of Lufthansa Aviation Training GmbH.
RA Hendrik Sievers
Beck Service GmbH
2. Terms Used
With regard to the terms used, such as "Processing" or "Personal data", ect. we refer to the definitions in Article 4 of the General Data Protection Regulation (DSGVO).
3. Types of Data Processed
- Inventory data (e.g. names, addresses)
- Contact data (e.g. e-mail, telephone numbers)
- Contract data, training data (start of training, etc.)
- Biographical data (e.g. birth dates, nationality)
- Qualification data (e.g. educational qualifications, licensing data, language skills)
- Profile data (e.g. preferred base, preferred employer) as far as required for the placement
- Content data (e.g. text input),
- Image data (photographs, videos),
- Usage data (e.g. web pages visited, interest in content, access times).
- Meta/communication data (e.g. device information, IP addresses).
As a matter of principle, we do not process special categories of data pursuant to Art. 9 (1) DSGVO via our Campus+ online portal. Exceptions to this are certain information on the health or reliability of users/applicants, insofar as this is required in the course of placements either by law or for the exercise of a specific profession (e.g., airworthiness certificate, ZUP) (see below).
When providing qualification and/or selection services, we process special categories of data pursuant to Article 9(1) of the GDPR, e.g. certain information on the physical and mental health or reliability of users/applicants, insofar as this is required in the course of selection services either by law or for the exercise of a specific profession (e.g. airworthiness certificate, ZUP) (see below).
4. Categories of Data Subjects
- Visitors and users of the Campus+ online portal
- Providers of job vacancies and training offers
- Service providers
5. Purpose of the Processing
- Making available the online offer/service, its functions and content.
- Responding to contact requests and communicating with users and interested parties.
- Provision of personnel, placement and recruitment services.
- IT security measures.
6. Relevant Legal Basis
7. Security Measures
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, safeguarding of availability and separation of the data. We have also established procedures to ensure the exercise of data subjects' rights, deletion of data, and response to data compromise. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO). Among other things, all data is transmitted in encrypted form using the latest technology.
8. Cooperation with Third Parties
In principle, all data will be treated as strictly confidential and will not be passed on to any third parties except in the cases specified below.
If a user explicitly agrees to the disclosure and processing of his personal data to/by certain employing companies in a separate data release declaration in the course of a concrete declaration of interest in a placement or an application for a job advertisement with a company, only the authorized bodies of these companies will be given access to his data for the specific purpose.
If data is transmitted or disclosed to third parties in the course of processing, this will only be done if the user has explicitly consented or on the basis of a legal permission (e.g. if this is required for the performance of a contract pursuant to Art. 6 (1) (b) DSGVO), another legal obligation provides for this (e.g. vis-à-vis aviation or law enforcement authorities for the prevention of dangers in air traffic) or on the basis of our legitimate interests (e.g. when using web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called "commissioned processing agreement", this is done on the basis of Art. 28 DSGVO. We, employing companies and commissioned third parties process data in aggregated and fully anonymized form for internal, (e.g. demand analyses), quality assurance or scientific purposes.
9. Transfers to Third Countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is done to fulfill our contractual obligations, on the basis of your explicit consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the processing of data in a third country only if the special requirements of Art. 44 et seq. DSGVO are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection that corresponds to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
10. Your rights as a Data Subject
You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 DSGVO.
You have according to. Art. 16 DSGVO the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
In accordance with Art. 17 of the GDPR, you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 of the GDPR, to demand that the processing of the data be restricted.
You have the right to request that the data concerning you, which you have provided to us, be received in accordance with Article 20 of the GDPR and to request its transfer to other persons responsible. You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 DSGVO.
You have the right to revoke any consent given in accordance with Art. 7 (3) of the GDPR with effect for the future.
You may object to the future processing of data concerning you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against the processing for purposes of direct advertising.
To exercise these rights, please contact us at the e-mail address: email@example.com.
Furthermore, you have the right to object to the use of so-called "cookies" either generally or selectively. "Cookies" are small files that are stored on the end devices of the user. Within the cookies, different information can be stored. The primary purpose of a cookie is to store information about a user (or the end device) during or after his visit within an online offer and thus to enable or facilitate the use of the functions offered. (See below under 23. "Cookies").
For this, please call below under: "Cookies / Cookiebot", please click on the corresponding links. Furthermore, the storage of cookies can be achieved by disabling them in the settings of the respective browser used. Please note that in this case not all functions of our online offer can be used.
11. Your Obligations
If you send us any data for a personal reference, you are obliged guarantee that the person concerned is aware of and has consented to the disclosure of their personal contact information. In this case, we cannot assume any responsibility for compliance with data protection regulations.
If you as a user provide us with data via the Campus+ portal in the course of a registration, statement of interest, application, job posting or the creation of any other content, this data must not contain any information about racial or ethnic affiliation, political views, philosophical or religious views, political views and sexual orientation. Information about the commission of misdemeanors, felonies, or criminal proceedings and related penalties, fines, addictions, or physical or mental health is only permitted for certain safety-related occupations (e.g., commercial airline pilot).
To ensure a high level of data security, it is the duty of every user to keep his personal access data (password) absolutely confidential!
12. Deletion of Data
The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. Unless expressly stated otherwise in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.
By registering (creating or using a user account) on Campus+, the user expressly agrees that the data he or she provides in the course of registering with Campus+ in order to use the functions, content and information of the portal (registration data) will be stored until the user no longer wishes to use it, cancels his or her user account and arranges for it to be deleted.
To cancel your user account and delete your registration data, please use this e-address: firstname.lastname@example.org.
By sending a specific application to an employer, the user expressly agrees that the data of an application process for an employing company (application data) may be stored in the Campus+ application system for a period of 5 years after completion of the application in order to enable longer-term qualification processes and, if necessary, the recognition of selection stages and/or reapplications after the deadlines determined by the employer.
If there is a legal obligation for us or the employers commissioning us to provide evidence for application processes, the data required for this purpose will not be deleted but, as far as necessary for the legal purpose, will be pseudonymized, i.e. the data will be blocked (made inaccessible) and processed only for the legally required purposes. This applies, for example, to data that is required to meet the legal obligation of the employing company to provide proof of compliance with the General Equal Treatment Act (AGG) (6 months) or that must be retained for reasons of commercial or tax law.
According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 para. 1 AO, 257 para. 1 No. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years according to § 257 para. 1 No. 2 and 3, para. 4 HGB (commercial letters).
According to legal requirements in Austria, the storage is in particular for 7 years according to § 132 Abs. 1 BAO (accounting documents, vouchers/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with electronically provided services, telecommunication, radio and television services, which are provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
13. Business-related Processing
In addition, we process data from our users, customers, interested parties and business partners in accordance with Art. 6 DSGVO for the purpose of providing contractually agreed services, enforcing our claims arising from these services and providing related services, marketing and market research on the basis of the consent of the users concerned:
- Contract data (e.g., subject matter of the contract, order/booking data).
- Product data (e.g., type of product, time of performance).
- Appointment data (e.g. user data for services, training and events)
In this context, a legally required transmission of personal data for the purpose of tracing infection chains in connection with Covid-19 may be made by us to the competent health authority. If necessary, this is done in most federal states on the basis of Art. 6 (1) sentence 1 lit. c) DSGVO, in some federal states also Art. 6 (1) sentence 1 lit. a) DSGVO, if applicable.
With the provision of online services Campus+ we process and use the communication data (eg. e-mail, telephone) of users. (e.g. technical support, notification of availability of job offers and changes). This is done on the basis of the contract fulfillment and the consent of users pursuant to Art. 6 para. 1 lit. a and Art. 7 DSGVO.
User data in the Event of Litigation
In the event of a legal dispute, we process personal data to enforce and / or defend our rights and transmit the necessary data to our, appointed legal representative, the competent court and, if you have hired a lawyer, to the lawyer to conduct the legal dispute. If and to the extent necessary for this purpose, we also make use of data from other sources (e.g. public registers). We process this personal data due to a legal obligation on the basis of Art. 6 para. 1 p. 1 lit. c) DSGVO and due to our legitimate interest to protect, enforce and / or defend our legal interests on the basis of Art. 6 para. 1 p. 1 lit. f) DSGVO.
14. Data protection Information on Placement and Application Services
We process the user data exclusively for the purpose of and within the framework of a placement procedure for the initiation of an employment relationship in accordance with the legal requirements. The processing of applicant data is carried out for the fulfillment of our (pre)contractual obligations in the context of the application procedure in accordance with Art. 6 para. 1 lit. b. DSGVO Art. 6 para. 1 lit. f. DSGVO insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures (in Germany, § 26 BDSG also applies).
A placement or application procedure requires that interested parties or applicants provide us with certain data. The necessary data are marked accordingly and result from the job descriptions or the requirements of the employing company. In principle, this includes personal details, postal and contact addresses and the documents and proofs belonging to the application, such as cover letter, curriculum vitae and certificates, as well as proofs required by aviation law. (e.g. license data, airworthiness certificate, background check). In addition, applicants may voluntarily provide further information.
Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 DSGVO are voluntarily communicated within the scope of the placement procedure, their processing is additionally carried out in accordance with Art. 9 Para. 2 lit. b DSGVO (e.g. health data, such as e.g. severely disabled status). Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are requested from applicants as part of the application process, they are also processed in accordance with Art. 9 (2) a DSGVO (e.g. bio-metric data, health data) if they are required for the exercise of the profession or under aviation law.
By sending an application, the user expressly agrees that the data of a specific application process for an employing company (application data) may be stored in the Cam-pus+ application system for a period of 5 years after completion of the application in order to enable longer-term qualification procedures and, if necessary, the recognition / consideration of selection stages and / or reapplications after the deadlines determined by the employer.
As part of these services, we also process relevant applicant data that applicants provide in the course of their application or in the course of the consulting or selection service. To the extent necessary, we may also process psychometric data and special categories of data pursuant to Article 9(1) of the GDPR, in particular information on the health, personality and commission of misdemeanors, criminal offenses or criminal proceedings and related penalties, fines, addictions or physical and mental health of applicants. This processing is only required for certain security-related professions (e.g. commercial airline pilots), among others, in accordance with the German Aviation Security Act (LuftSIG). For this purpose, we obtain, if necessary, according to Art. 6 para. 1 lit. a., Art. 7, Art. 9 para. 2 lit. a. DSGVO an explicit consent of the applicants and otherwise process the special categories of data on the basis of Art. 9 para. 2 lit. h. DSGVO, § 22 para. 1 no. 1 b. BDSG.
If an applicant makes use of the option to upload an application photo or an application video to the application documents, he/she thereby consents to the collection, storage and use of his/her image data exclusively for the purpose of possible employment with the employer. Image and video data will be shared exclusively with the authorized bodies of the employer. The upload of application photos and videos is voluntary.
The deletion of this data will be carried out in compliance with any legally required periods of proof at the time agreed by consent (see also above 'Deletion of data'). If an applicant requests the deletion of his/her application data in accordance with Art. 17 DSGVO or revokes his/her consent in accordance with Art. 7 (3) DSGVO or objects to the future processing of personal data in accordance with Art. 21 DSGVO, his/her data will be deleted in accordance with the above provision. Regulation: 'Deletion of data, deleted or archived. If the deletion of partial data, e.g. of an individual application, is requested, all application data and all registration data will generally be deleted, since according to Art. 17 and 18 DSGVO a complete deletion of all application and applicant data is required and each application also uses registration data (e.g.: name, address, etc.).
The transmission of all data via the Campus+ portal is encrypted exclusively in accordance with the latest technical standards.
If users send us their data by e-mail, please note that e-mails are generally not encrypted and applicants must ensure encryption themselves. We can therefore not assume any responsibility for the transmission path of the data between the sender and the reception on our server and therefore rather recommend the online portal and the use of the upload - functions.
15. User account, registration
Users can create, have created and maintain a user account. Registration is free of charge. In the course of registration, the required mandatory information is provided to the users and processed on the basis of Art. 6 para. 1 lit. b DSGVO for the purpose of providing the user account. The processed data includes in particular the login information (name, address data, password, e-mail address and basic profile data). The data entered during registration is used for the purposes of using the user account and its purpose and can be used by the user to simplify and repeat applications to various companies.
In the context of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as those of the users in protection against abuse and other unauthorized use. This data is not passed on to third parties, unless there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.
16. Contacting us
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user's details will be processed for the purpose of handling the contact request and its processing pursuant to Art. 6 para. 1 lit. b) DSGVO. The user's details may be stored in a customer relationship management system ("CRM system") or comparable inquiry organization.
We delete the inquiries if they are no longer necessary. We review the relevance every two years; furthermore, the legal archiving obligations apply.
17. Hosting and e-mail Dispatch
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services, which we use for the purpose of operating this online offer/service.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of users, customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of a contract). Art. 28 DSGVO (conclusion of order processing contract).
18. Collection of Access Data and Log Files
We, respectively our hosting provider, collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.
19. Cookies, Cookiebot
Cookies are small text files used by websites to make the user experience more efficient. By law, cookies can be stored on a personal device if they are strictly necessary for the operation of this site. For all other types of cookies, the consent of the user is required.