Welcome to the website of Lufthansa City Airlines GmbH. Thank you for visiting our website and for your interest in our company.

Transparency and integrity in the processing of your personal data is of major important to us. Therefore, the processing of data is carried out in accordance with the currently valid data protection regulations, in particular the European General Data Protection Regulation (GDPR) applicable from 25.05.2018 and the new Bundesdatenschutzgesetz (BDSG-new) applicable from 25.05.2018.

In the following data protection information, we explain which information (including personal data) is processed by us during your visit and use of our aforementioned Internet service ("website") and which rights you are entitled to at any time with regard to your personal data.

1. Name and contact details of the controller and the data protection officer 

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is

Lufthansa City Airlines GmbH 
Munich Airport, FOC
Südallee 15
D-85356 Munich
E-mail: lh.city-airlines(at)lufthansa-group.com 

Data Protection Officer Lufthansa City Airlines GmbH:  
Group Data Protection Officer for the Lufthansa Group
German Lufthansa AG
Venloer Straße 151-153
50672 Cologne, Germany
E-mail: datenschutz(at)dlh.de

2. Collection and storage of personal data and the nature and purpose of processing

When visiting the website
It is not necessary to provide personal data (e.g. name, address, e-mail address, etc.) in order to use our website. When you visit our website, your browser automatically transmits information to the server of this site. These so-called log files are stored temporarily until they are automatically deleted:

  • Browser type/version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Host name/IP address of the accessing computer
  • Date and time of the server request
  • Websites from which the user's system accesses our website
  • Websites that are accessed by the user's system via our website
  • Amount of data transferred in each case

Data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website, to eliminate malfunctions and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR. Under no circumstances do we use the data collected to draw conclusions about your person. 

Flight bookings 
We do not offer a booking function on our website. As soon as you wish to purchase a flight ticket, you will be redirected to the website of our parent company, Deutsche Lufthansa AG. Please note that the data protection provisions of Deutsche Lufthansa AG apply from this point onwards. You have the option to object to this at any time. Further information on Lufthansa's privacy policy can be found here https://www.lufthansa.com/de/de/datenschutz

Links to other websites
Our website contains links to other websites. We ourselves are not responsible for the data protection provisions of the linked websites and accept no liability for their content.

3. Use and disclosure of personal data

Your personal data will not be transferred to third parties for purposes other than those listed below.
We only pass on your data to third parties if: 

  • You have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • The disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
  • In the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • This is permitted by law and is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

Recipients or categories of recipients of your data
Within our company, those internal departments or organizational units receive your data that need it to fulfill our contractual and legal obligations or in the context of processing and implementing our legitimate interest. Your data will only be passed on to external parties

  • in connection with contract processing;
  • for the purpose of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest; 
  • to the extent that external service providers process data on our behalf as processors or function providers (e.g. external data centers, support/maintenance of EDP/IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility checks, data processing, data processing for the purposes of data protection). -plausibility checks, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logistics);
  • on the basis of our legitimate interest or the legitimate interest of the third party for the aforementioned purposes (e.g. to authorities, credit agencies, debt collection agencies, lawyers, courts, experts, group companies and committees and supervisory bodies);
  • if you have given us your consent to transfer your data to third parties.

We will not pass on your data to third parties beyond this. If we commission service providers as part of order processing, your data will be subject to the same security standards as we do. Personal data may be transferred to third countries or international organizations. For your protection and to protect your personal data, appropriate security precautions are taken for such data transfers in accordance with and in compliance with the statutory provisions.

If these transfers have no legal basis or are to a country for which the EU Commission has not issued an adequacy decision, we use EU standard contractual clauses.
In all other cases, the recipients may only use the data for the purposes for which it was transferred to them.

4. For how long will your data be stored?

Your personal data will be deleted as soon as it is no longer required for the stated purposes and there are no legal retention periods to the contrary. 

5. Cookies

Our website uses cookies. These have two functions. On the one hand, they are necessary for the basic functionality of our website: On the other hand, we can use cookies to continuously improve our content for you. You can find more information about cookies on this website here

6. Matomo

This website uses the open source web analysis service Matomo.
With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.). The information collected about your use of this website is not passed on to third parties. Our interest in and purpose of data processing lies in the optimization of our website, the adaptation of content and the improvement of our offer. The interests of users are adequately protected by anonymization.

IP anonymization
Matomo uses cookies and stores the IP addresses in anonymized form. Anonymization takes place immediately after the IP address is processed and before it is stored on our web server. This is done by shortening the IP address by the last octet in accordance with the resolutions of the data protection conference of the data protection supervisory authorities of the federal and state governments (DSK). This means that you as the user always remain anonymous.

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
You can find further information in English at: https://www.matomo.org/

Legal basis The use of this analysis tool is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 1 TDDDG. Consent is voluntary, is not a condition for the use of this website and can be revoked at any time with effect for the future.

Deactivate Matomo
If you do not agree to the storage and use of your data, you can deactivate the storage and use here.

7. Rights of the data subjects 

You have the right:

  • Right of access by the data subject, Art. 15 GDPR

to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;

  • Right to rectification, Art. 16 GDPR

to demand the immediate correction of incorrect or incomplete personal data stored by us

  • Right to erasure ("right to be forgotten"), Art. 17 GDPR

to demand the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims

  • Right to restriction of processing, Art. 18 GDPR

to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR

  • Right to data portability, Art. 20 GDPR

to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller in accordance with Art. 20 GDPR

- Right to object, Art. 21 GDPR

in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future and

- Right to lodge a complaint, Art 77 GDPR i.V.m. § 19 BDSG

to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters. The supervisory authority responsible for Lufthansa City Airlines GmbH is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) (BayLDA)
Promenade 18
91522 Ansbach

If you wish to exercise your rights, please send an e-mail to datenauskunft(at)dlh.de.

Please provide the following information so that we can identify you:

  • Name
  • postal address
  •  E-mail address and optionally: Customer number or booking code or ticket number

If you send us a copy of your ID, please black out all data except your first name, surname and address.

We would like to point out that we will use your personal data to process your request and for identification purposes in accordance with Art. 6 para. 1 lit. c GDPR.

8. Right to object 

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

If you wish to exercise your right of revocation or objection, simply send an email to datenauskunft@dlh.de.

9. Data security

We use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements.


This privacy policy is currently valid and has the status as of March 26, 2024. We reserve the right to update this privacy policy regularly.