Data Protection Notice

for use from time:matters – November 2020.

Home/Data Protection Notice

General information

Thank you for visiting our website, where we offer you personalized functionalities in addition to information about our company and our services. Transparency and integrity while processing your personal data is very important to us. When processing personal data, we obey the data protection regulations, in particular the General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”).

In this data protection information we explain to you what information (including personal data) is processed by us during your visit on and use of our website time-matters.com and its subpages (“website”) and what rights you are granted with regard to your personal data.

The controller for the processing of personal data is:

time:matters GmbH
Gutenbergstr. 6
63263, Neu-Isenburg
Germany
(also referred to as “time:matters,” “we” or “us” in this Privacy Policy)

For further information, please refer to our Legal Notice https://www.time-matters.com/imprint/.

We have appointed the Lufthansa Group Data Protection Officer as our Data Protection Officer. If you have any questions regarding the processing of your personal data, you can contact the Data Protection Officer at any time by postal mail (Lufthansa AG (DLH), FRA CJ/D, 60546 Frankfurt) or via  e-mail (datenschutz@dlh.de).

If you have questions on data protection regarding our website(s) or the services offered, please contact:

time:matters GmbH
Data Protection
Gutenbergstr. 6
63263 Neu-Isenburg

or via e-mail: data.protection@time-matters.com

Please keep in mind that communication by e-mail are not encrypted.

a) Processing within the usage of our website

Server Logfiles

We collect and use personal data within server logfiles, as far as this is necessary to enable the usage of our website. Any personal data contained in the server logfiles is processed to enable you to use our websites services. This legal basis to do so is on Sect. 15 para. 1 TMG and Art. 6 para. 1 sent. 1 lit. f GDPR to protect our legitimate interest in the operation of our website. The server logfiles include:

  • Name of the website accessed
  • Date and time of access
  • Transferred data volume/file
  • Notification of successful access
  • Browser type and version
  • User’s operating system
  • Referrer URL (the last page visited)
  • IP address
  • Requesting provider

Logfiles are stored for eight days because of security reasons (e.g. to investigate misuse or fraud) and will be erased afterwards. Data which must be kept for longer for evidential purposes are excluded from erasure until final clarification of the respective incident.

Cookies

We use cookies on our website so that we can provide you with all of the technical features of the website and to collect statistics. Cookies are small text files that are transferred by the website to the cookie file of the browser on the user’s device and are kept locally for later retrieval. so that the user can be recognized when he visits the website again. A cookie typically contains the name of the domain from which the cookie originates, the lifetime of the cookie and a unique identifier. The legal basis for the use of technically necessary cookies is the legitimate interest according to Art. 6 para. 1 sent. 1 lit. f. GDPR, in all other cases the legal basis is the consent that you may have given pursuant to Art. 6 para. 1 sent. 1 lit. a GDPR.

To enable the use of certain cookies, you must agree to their use before visiting our website. Please note that it may not be possible to use all of the interactive features and functions of the website if certain cookies are blocked, deleted or rejected.

Please keep in mind that with the complete deletion of all cookies from the cache of the browser you are using, any consent you may have given for cookies will also be deleted and may have to be re-approved when you access to the website again.

Consent Management

On our website, the cookie Consent-Management-Tool Borlabs of the service provider “Borlabs” is being used. The purpose of the data processing is to provide a preference management for the usage of cookies in the users browser, depending on the consent given. The legal basis to do so is our legitimate interest in accordance with Art. 6 para. 1 sent. 1 lit. f. GDPR.

Because of this, two technically necessary cookies are being set in your browser. The cookie “Borlabs Cookie” does not process personal data. The cookie “borlabsCookie” stores the preference you have selected when you use our website. The cookie “borlabsCookieUnblockContent” stores which (external) media/content you would always like to have automatically unblocked . If you wish to revoke these settings, simply delete the cookies in your browser. You will be asked for your cookie preference again when revisiting our website.

Google Services

We use various Google services from Google LLC (“Google”) to analyze and optimize our website. This processing only takes place with your consent as the legal basis in accordance with Art. 6 para. 1 sent. 1 lit. a GDPR, which you provide when you visit our website. Please note that by deleting your browser cache, your consent is also deleted and will be requested again when you visit our website again. The following Google services are used on our website:

Google Analytics

This website uses Google Analytics, a web analysis service from Google. Google uses cookies for this service. The information generated by the cookie about your use of this website is transferred to a Google server in the USA and stored there.
We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
Google will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the use of the Internet. The processed data can be used to create pseudonymous user profiles of the users. The IP address transmitted by the user’s browser is not merged with other data from Google.

Google Tag Manager

This website also uses the Google Tag Manager. This allows us to track the user’s interactions with our website, such as counting the number of clicks on our buttons or links. This service is a cookie-less domain and no personal data is collected. However, other services may collect personal information in association with the Google Tag Manager, such as Google Analytics.

Google Ads

We use Google Ads on our website. This service enables us to use advertising material on external websites to make people aware of our offers. This enables us to find out how successful individual advertising measures are. These advertising materials are delivered by Google via a so-called “AdServer”. Here AdServer-Cookies are used, which can be used, for example, to record the amount of ads or clicks by the user. If you should have reached our website through one of our ads, such a cookie will be stored in your browser after your consent. This data is usually also stored by Google. We ourselves have no influence on this storage and the use of your personal data. We ourselves do not collect any personal data in this context but receive a statistical evaluation from Google about the effectiveness of our advertisements.

More information on how Google uses data and the various settings and opt-outs is available on the Google websites.

How Google uses data when you use our partners’ sites or apps:
https://policies.google.com/technologies/partner-sites?hl=en

Advertising:
http://www.google.com/policies/technologies/ads

Control the information Google uses to show you ads:
http://www.google.de/settings/ads

SOCIAL NETWORK INTEGRATION

We offer social network functionality in various parts of our website through what are known as social plugins. This also includes linking to our content on social networks. We maintain an online presence on social networks and platforms in order to actively communicate there with customers, interested parties and users and inform them there about our services. Please note that we have neither knowledge about nor influence over how social networks use information provided by you and whether this information is disclosed to other websites. We recommend that you read the respective privacy information carefully. Therefore, the terms and conditions and data processing guidelines of the respective operators apply when you access the networks and platforms. Unless otherwise stated in our Privacy Policy, we process the data of users who communicate with us on social networks and platforms, e.g. post to our online pages or send us messages.

Of course, all our online offerings can be accessed and used without the use of social networks. When you visit our website, the social plugin buttons are disabled by default, i.e. they do not automatically send any data to third parties. Before you can use a button, you must activate it using the consent manager first. Please note that the button will remain active until you either disable it again or delete your “cookies.” A direct connection is established with the server of the respective social network following activation. The button content is then passed directly to your browser by the social network and integrated by this into the website.

The information below provides an overview of third-party providers as well as links to their privacy policies, which contain further information on data processing and opt-outs, some of which is also mentioned here:

Facebook
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data is processed on the basis of an agreement on the joint processing of personal data pursuant to Art. 26 GDPR.
Privacy Policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads

Xing
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy Policy: https://privacy.xing.com/en/privacy-policy
Opt-out: https://privacy.xing.com/en/privacy-policy

LinkedIn
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

YouTube and Google+
Videos from the YouTube platform of third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://policies.google.com/privacy?hl=en-US
Opt-out: https://www.google.com/settings/ads/

Instagram
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
Privacy Policy: http://instagram.com/about/legal/privacy
Opt-out: http://instagram.com/about/legal/privacy

Twitter
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy Policy: https://twitter.com/en/privacy
Opt-out: https://twitter.com/personalization

Google Maps
In various parts, we offer the use of the Google Maps positioning and map service through the Google Maps API.

When you use Google Maps, information concerning your visit to our website or your use of the app (including your IP address) may be transmitted to and stored on a Google server in the USA. Google may also share the information obtained through Maps with third parties where required to do so by law or where third parties process these data on Google’s behalf.

Google never associates your IP address with other Google data. Nevertheless, it may still be technically possible for Google to identify at least some users based on the data obtained. It is possible that personal data and personality profiles of website users may be processed by Google for other purposes over which we have and can have no influence.

Google Maps is a service operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

The Google Privacy Policy and Google Maps Additional Terms of Service can be found at https://www.google.com/intl/en_us/help/terms_maps.html.

b) Processing of your data as a (future) customer

We process and use personal data that is transmitted to us in connection with the request for transport services or to make it easier to handle future shipments (e.g. address data of customers). We process this personal data exclusively in relation to the shipment. The shipping customer is fully responsible for the accuracy of the transmitted data. In the context of of shipment processing, it may be necessary for us to transfer personal data on to our shipping partners.

If a contractual relationship is established between us, or if it is changed, we will process the personal data that you enter in the order or registration form, or that you transmit to us in any other way (in particular required contact and address data).

Such need to process personal data includes, but is not limited to, performing the necessary pre-contractual steps, answering your questions related, providing shipping and billing information, and processing or providing customer feedback and support. The legal basis for this is the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract in accordance with Art. 6 para. 1 sent. 1 lit. b GDPR.

All mandatory information which we must collect to provide our services can be identified by brief notes or an asterisk (*). Non-required information is provided by you voluntarily so that we can offer you a solution for your assignment or request that is perfectly customized to your needs.

Contact form (Contact us)

If you would like to get in touch with us, we have a contact form available on our website, which you can use to contact us electronically. The data entered in our form will be transmitted to us and will be stored. These data are:

  • name
  • e-mail address
  • company
  • your message

When you send the message, the IP address used by you will also be saved. The data of the contact form will be used exclusively for the purpose of the communication initiated by you. The legal basis for the processing of your personal data is Art. 6 para. 1 sent. 1 lit. b GDPR, as well as, Art. 6 para. 6 sent. 1 lit. f. GDPR.

Check sanction lists / no-fly lists

Due to our legitimate interest in the integrity and security of business processes, as well as in compliance with legal regulations, we transfer your personal data to an external service provider for control purposes. This service provider checks your data on our behalf, e.g. against relevant sanction or no-fly lists. The legal basis for this transmission is Art. 6 para. 1 sent. 1 lit. b, lit. c GDPR.

Customer data within the time:matters Group

Based on internal processes, especially for the performance of contracts, we or our customers themselves share personal data of our customers with the following contractually bound companies. The data transfer depends on the company with which the customer has concluded a contract.

  1. time:matters Spare Parts Logistics GmbH, Gutenbergstr. 6, 62363 Neu-Isenburg, Germany
  2. time:matters Courier Terminals GmbH, Tor 26, Gebäude 455d, Airportring, 60549 Frankfurt am Main, Germany
  3. CB Customs Broker GmbH, Fasanenweg 4, 65451 Kelsterbach, Germany
  4. time:matters Austria GmbH, Air Cargo Center Obj. 262/8/3, 1300 Vienna Airport, Austria
  5. time:matters Netherlands B.V., Beechavenue 30 – 50, 1119 PV Schiphol-Rijk, Netherlands
  6. time:matters (Asia Pacific) Pte Ltd., 390 Orchard Road, Palais Renaissance #08-01, 238871 Singapore
  7. time:matters (Shanghai) International Freight Forwarding Ltd., Huashan Road No. 1568, NanFung Tower, Room 1204, (Changning District), 200052 Shanghai, China
  8. time:matters Americas, Inc., 5201 Blue Lagoon Drive, Suite 900, Miami, Florida 33126, USA

The legal basis in this context are the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract according to Art. 6 para. 1 sent. 1 lit. b GDPR, as well as our legitimate interests according to Art. 6 para. 1 sent. 1 lit. f. GDPR.

Customer Relationship Management (CRM)

We do separate (potential) new customers into different categories. This is done based on different evaluation standards, e.g. based on the industry and size of the (potential) new customer. If we determine that further business relationships may develop in the future, we will create a profile in our Customer-Relation-Management-System (CRM) for our (potential) new customers. We use our CRM both for the maintenance of existing and new customers and for the analysis of potential new customers/new contacts. The data processing includes general information, such as general company information and contact data as well as comprehensive data processing such as recording visits and conversations.

The legal basis for this data processing is Art. 6 para. 1 sent. 1 lit. b GDPR in the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract as well as the protection of our legitimate interests according to Art. 6 para. 1 sent.1 lit. f GDPR.

Our internal processes are structured in such a way that potential new customers receive an e-mail, in which we refer to our data protection declaration for the purpose of fulfilling the information to be provided and offer the possibility of an objection. The objection can be made to us via a link contained in the e-mail. Until an objection is submitted, the profile remains comprehensive, i.e. we also process information that helps us to keep track of our communication and prepare new meetings and addresses. Should we receive an objection from a data subject, we will immediately delete all personal data from the profile. If at a later point of time the data subject should again wish to have more comprehensive processing of the personal data, we will manually initiate this process again and inform him/her once more about the data processing.

Customer account

We do set up a user account for our customers, where contact and address information will be processed and optional additional information, such as payment information and contact details, can be provided to facilitate communication or to speed up subsequent booking processes. The user account will be stored with the e-mail address provided to us. Login data is generated by the customers themselves. For this purpose, the customer will receive an automatic e-mail with an activation link, an e-mail with a summary of relevant data and instructions for password selection.

We also offer interested parties the opportunity to set up a customer account with us. For this purpose, the online registration form on our website can be used. We collect general contact and payment data for the user account.

For the registration, we process personal data based on Art. 6 Para. 1 sent. 1 lit. b GDPR for the purpose of pre-contractual measures and to fulfill the contract. In addition, we process optionally entered data within the scope of your consent in accordance with Art. 6 Para. 1 sentence 1 lit. a GDPR.

Rating of our Services

When our services are rated, we process the personal data given to us on a voluntary basis. These are usually the contact details of the data subject and the rating comment provided. Of course, data subjects can request that ratings given provided are erased or their processing is being restricted. Processing until that point of time remain unaffected by this.

As a company, we are dependent on the evaluation of our services in our efforts to constantly improve. We collect the data of the evaluations submitted based on Art. 6 para. 1 sent. 1 lit. b GDPR in the context of the following contractual relationship carried out and in accordance with Art. 6 para. 1 sent. 1 lit. f GDPR in the context of our legitimate interest in the improvement of our services.

Contact form (Contact us)

If you would like to get in touch with us, we have a contact form available on our website, which you can use to contact us electronically. The data entered in our form will be transmitted to us and will be stored. These data are:

  • name
  • e-mail address
  • company
  • your message

When you send the message, the IP address used by you will also be saved. The data of the contact form will be used exclusively for the purpose of the communication initiated by you. The legal basis for the processing of your personal data is Art. 6 para. 1 sent. 1 lit. b GDPR, as well as, Art. 6 para. 6 sent. 1 lit. f. GDPR

Payment Provider

To offer you a choice of secure and efficient payment options for our services, we use external payment service providers.

Data collected and processed by the used payment service providers include:

  • payment method
  • name
  • payment details (e.g. credit card, electronic payment data)
  • payment amount

The payment data you enter is gathered by the payment service providers we use and processed by them as the responsible party within the meaning of the GDPR. This processing is necessary to make the payment transaction to us. At no time we receive information about entered account data, credit card data or other electronic payment methods. We are only provided with the information whether the payment was successful or not.

For payment transactions, the data protection information and the terms and conditions of the respective payment service providers used by must be observed.

We use the following payment service providers:

Braintree – A payment service of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

The Braintree privacy policy can be found at: https://www.braintreepayments.com/de/legal/braintree-privacy-policy

c) Processing of your data when using booking.time-matters.com

On our website “booking.time-matters.com” you can use our service to search the best offers for transporting solutions.

In a first step, we use the general and non-personal data you provide regarding the transport, such as, content, size and weight information, pickup and delivery address, as well as the desired date of the shipment(s) to be transported, to show you possible transport solutions including price.

If you would like to use one of the offered transporting solutions, you can book a transport with us using the “Book now” function. The following data is gathered during the booking process:

  • last name/first name
  • company (optional)
  • e-mail address
  • phone number
  • address (street name, house number, ZIP, city, country)
  • pickup/delivery address (street name, house number, ZIP, city, country)
  • pickup/delivery contact (last name/first name, e-mail address, phone number)
  • shipper data
  • payment info (billing address, last name/first name, e-mail address, phone number, payment details)

We use the data you provide to send you booking confirmations and other necessary communication, documents and invoices in connection with the booking you have made. Optional information which is not required is marked as such. In the context of transport processing, it will be necessary for us to pass on personal data to participating partners and payment service providers for the purpose of transport and payment processing.

The legal basis for the processing of personal data is Art. 6 para. 1 sent. 1 lit. b GDPR in the context of the performance of a contract, regarding the booking made by you.

d) Processing of your data within our onboard courier services (airmates.eu / airmate booking)

Interested parties can use our airmates.eu website to search online for the best quotes for personally escorted (goods) shipments.

We use the given e-mail address to provide a personalized offer. If that price improves within 24 hours, we will send another offer as a one-off. Offers may become cheaper due to unforeseen changes or price fluctuations within the fare search system. We consider this as a part of the service for our interested parties to be able to offer the best price. The given e-mail address is not used for any other purpose and is anonymized within 48 hours of being entered and only used for internal statistical purposes. Once the e-mail address has been anonymized, it can no longer be attributed to any identified or identifiable natural person. We do not use the given e-mail address for other purposes. We process the given e-mail address based on Art. 6 para. 1 sent.1 lit. b GDPR in order to take steps prior to entering a contract on request of the data subject.

Interested parties can voluntarily provide not only their e-mail address but also their telephone number. In this case, we will contact the interested party by telephone and advise them based on their current search. We store the telephone number for 48 hours after the last contact. Should you wish to have your telephone number deleted earlier, you can inform our team at any time. Your telephone number will then be marked with a blocking note and you will not be contacted by us again until it is deleted. Alternatively, you can request deletion via e-mail at any time. Due to internal processes, however, it can take up to two working days until the deletion is technically implemented. We therefore recommend that you contact our team by telephone to ensure that your contact is blocked quickly. We process the telephone number provided based on Art. 6 Para. 1 sent. 1 lit. b GDPR in order to take steps at the request of the data subject prior to entering into a contract at the request of the person concerned.

e) Processing of data when registering as an onboard courier (airmates.eu / become an airmate)

In order to make the functions of airmates.eu (both the website and the app) available to our (potential) onboard couriers, (potential) onboard couriers must first register and create a personal user profile. The login data collected during this registration process will be stored together with the profile of an Onboard Courier. The personal login data must always be kept secret. Shared profiles are not permitted at any time. The login data is limited to the e-mail address provided and a password chosen by the user so that we can identify the courier. Additionally, we collect the mobile phone number to verify the user of the account. There is also the possibility to receive orders via SMS directly to your cell phone in case our offered app is not used anymore.

In the process of registration, the user provides some information about themselves. All mandatory data, which we require for the provision of our services and for registration, are marked with an asterisk (*). Non-marked information is provided voluntarily so that we can send the courier coordinated orders. The personal data provided will only be used for the specified purposes.

During the registration process, (potential) onboard couriers must verify themselves with our service provider IDnow GmbH, Auenstraße 100, 80469 Munich, Germany so that we can meet our legal and contractual obligations. A valid ID is needed for this, we never receive copies of IDs from our contractually bound partner. For further information on IDnow GmbH, the registration process and contact details, please visit: https://www.idnow.io/privacy/

We process the following data in in the context of an onboard courier profile:

  • Adress and contact data
  • Identity data
  • Location data
  • Preferences and skill set
  • Verification status
  • Information on orders already completed

The legal basis for processing onboard courier data is Art. 6 para. 1 sent. 1 lit. b GDPR because the processing is necessary for the performance of a contract to which the onboard courier is party or in order to take steps at the request of onboard courier prior to entering into a contract. Furthermore, we process the personal data of our (potential) onboard couriers based on Art. 6 para 1 sent. 1 lit. c GDPR out of compliance reasons due to legal obligations.

The personal data are only processed for as long as this is necessary to fulfill the necessary purpose. We reserve the right to also keep so-called blacklists based on Art. 6 para. 1 sent. 1 lit f GDPR. Our legitimate interest lies in sustaining high quality standards for our services. We process the data in our blacklists for 5 years at most, after that data is being erased .

In some cases, we may put a profile on hold. We normally make this change if we cannot guarantee orders soon (e.g. because a lot of potential couriers have already registered for a particular region). In this case, we store the identity, contact and/or location data and process these if the order situation changes, e.g. if it becomes more likely that we will be able to assign an order or we wish to inform the data subject about the current status of their profile. We normally process the data for 12 months. The data subject is given the option to agree to extended data processing (extended by another 12 months) shortly before this period comes to an end. The legal basis to do so is Art. 6 par. 1 sent. 1 lit. a GDPR, which is the consent given by the data subject.

f) Processing of your data for our newsletters

On our website you can subscribe yourself one or more or our different e-mail newsletters. The information required for registration is given in the registration form and usually includes your e-mail address. Mandatory information is marked as such, optionally you can give us further details.

By signing up for one of our newsletters, you agree to receive it regularly. The newsletters we send out also enable us to evaluate and statistically analyze whether they have been opened and, if so, what content has been clicked on. The registration to our newsletters takes place with a double-opt-in procedure, i.e. interested parties receive an e-mail after registration in which we ask for confirmation of the submitted registration. This confirmation is necessary to prevent misuse of the newsletter registration. The newsletter registrations are logged in order to be able to prove the registration process according to legal requirements. This includes saving the time of registration and confirmation, as well as the IP-address of your internet connection used at that time. The current status of the registration process is also logged with the mail provider we use.

We send out newsletters and process your data only with your consent as the recipient, based on Art. 6 para. 1 sent. 1 lit. a GDPR. If the registration for a newsletter includes a concrete description of its topics, these are decisive for the consent of the users. Furthermore, our newsletters contain information about our services and about us.

You can unsubscribe from our newsletters at any time with effect for the future, i.e. withdraw your consent. You will find a link to unsubscribe from our newsletter at the end of each newsletter we sent to you. Unsubscribing causes the deletion of your data from the newsletter distribution list. As an alternative, you can also send us a corresponding message for unscubscription at any time by postal mail or e-mail to the contact details given above.

Additional information regarding the press mailing list:

In addition, we offer people who are active in journalism the opportunity to receive a newsletter for journalistic purposes. If you contact us with the request to add you to our press mailing list, we will manually add your e-mail address. We will then initiate the above described process for the consent of our mailing service provider. If you do not respond to this mail, your e-mail address will automatically be blocked after 48 hours.

g) Processing of your data when applying for a job

If you apply to one our job offers, your personal data will be stored by us as part of the application process. You can only submit your application for open jobs via the career cockpit of Deutsche Lufthansa AG. This can be accessed via https://be-lufthansa.com/en or via https://be-lufthansa.com/en/time:matters.

To participate in the application process, you need a user account, which you have to create accordingly. For the career cockpit the data protection information of the Deutsche Lufthansa AG is applicable, which you read here: https://be-lufthansa.com/en/dataprotection. During the registration you will have to accept the data protection information.

The personal data entered is managed exclusively within the framework of the Lufthansa Career Cockpit. The applicant’s data will only be stored additionally if an interview with us should take place. In this case, the applicant’s documents will be forwarded by our HR department exclusively to the relevant departments and used in the context of the application and selection process.

In the case an applicant should be rejected, the applicant’s data will be stored for up to 6 months after notification from time:matters due to legal requirements and claims and will be deleted after this period. Please note that the Lufthansa data protection declaration still applies, and deletion periods may be different. The legal basis for the processing of your personal data as an applicant is Art. 88 GDPR in connection with Sect. 26 BDSG, as well as any additional declarations of consent during the application procedure in the sense of Art. 6 para. 1 sent. 1 lit. a GDPR.

Further information on frequently asked questions (FAQ) during the application process of time:matters, can be found at the following place: https://www.time-matters.com/career-en/faq-application-process/

In general, personal data is being processed within our company. Only specific departments/organizational units can access personal data, depending on its nature. They include in particular the specialist departments tasked with providing our digital offerings (e.g. Websites) or the described business processes, and our IT department. A role and authorization concept restricts access at our company to the functions and the scope required for the purpose for which the data is processed.

We may also transfer personal data to third parties outside our company to the extent permitted by law. In particular, these external recipients may include

  • affiliated companies in the Lufthansa Group to which we transfer personal data for internal administrative purposes and for the performance of central services (e.g. billing services);
  • those third parties we use to provide our services (e.g. to carry out flights or load and unload cargo), insofar as the transfer is necessary to fulfil the contracts concluded with us, such as ground handling service providers at the airports we operate;
  • service providers whom we have engaged (e.g. our transport-, IT-, CRM- or payment service providers etc. or partly also our ground handling service providers) and who, on the basis of a separate contractual agreement, provide us with services that may also involve processing personal data, as well as the subcontractors our service providers engage with our consent. Within information technology, this includes in particular:
  • (Web-) hosting service provider
  • Software-as-a-Service (SaaS) service provider
  • E-mail / Mailing service provider
  • Verification service provider for identity check
  • non-public and public bodies (e.g. airports, customs or police authorities, etc.), where we are obliged to transfer your personal data due to legal obligations,
  • recipients of a consignment we deliver for one of our business partners; the consignments may also contain personal data from you in individual cases if you have been named as the contact person in the provided consignment data;
  • other contact persons at your organization if they are likewise registered to use our services; in this case, all contact persons within the organization of a business partner may be able to access details of all business transactions of that business partner (including information on your involvement in such a business transaction) using the services;
  • furthermore, we may transfer further data to third parties within the scope of the use of cookies and tracking functions on our website.

If we process data in a third country, i.e. outside the European Union (EU) or the European Economic Area (EEA), or if this is done in connection with the use of third-party services or the transfer of data to third parties, this is only done if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation or based on our legitimate interests.

Subject to legal or contractual permissions, we only transfer personal data to a third country if the special requirements of Art. 44 ff. GDPR. As far as these transmissions are not based on a legal basis or are made to a country for which no adequacy decision issued by the EU Commission exists, we use the EU standard contractual clauses.

We do not use any automated decision-making (including profiling) within the meaning of Art. 22 GDPR in connection with operation of our Website. If we use such methods in individual cases, we will notify you separately to the legally prescribed extent.

We only process the data until it is no longer required to fulfill the stated purpose, or until a deletion or a withdrawal of consent has been declared to us by the data subject. The internal deletion processes are designed in such a way that every employee entrusted with data processing is obliged to regularly check the purpose, actuality and legitimacy of the data processing. Personal data we have to store in order to comply with retention obligations is stored until the obligation to retain it ends. If we store personal data solely to comply with retention obligations, it is usually blocked, meaning it can only be accessed when that is required for the purpose for which the data had to be retained. Information on the individual storage period of certain processing procedures can be found in the relevant sections of this data protection declaration.
a) Right to object

As a data subject you have the right to object according to Art. 21 GDPR, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on Art. 6 para. 1 sent. 1 lit. e or lit. f  GDPR including profiling based on those provisions. In the event of such an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds to further process the personal data, outweighing your interests, rights and freedoms, or the processing is used for effective exercise or defense of legal rights.

In case we process your personal data for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object processing for direct marketing purposes, the relevant personal data will no longer be processed for these purposes.

b) Withdrawal of consent

If you have given us your consent to process your personal data, we hereby inform you that you can withdraw this consent at any time, e.g. by clicking on the corresponding link in each of our newsletters or in our e-mailings or by sending us a corresponding message by post, fax or e-mail via one of the contact channels mentioned above of this data protection declaration. In all other cases or if you have problems to withdraw your consent, you can also contact our Data Protection Office at time:matters, also mentioned above.

Please note that the consent you have withdrawn will only have effect for the future and has no influence on the lawfulness of processing based on consent before its withdrawal. In some cases, despite your withdrawal, we are entitled to process your personal data on a different legal basis – for example, to fulfil a contract.

c) Additional rights

As an affected person, you also have the right to

  • obtain confirmation as to whether personal data relating to you are being processed and, if so, to obtain information about such data, the purposes for which they are being used and other information in accordance with Art. 15 GDPR (Right of access);
  • demand the rectification of incorrect data concerning to you. You also have the right, considering the circumstances, to request the completion of incomplete personal data concerning you, also by means of a supplementary statement, in accordance with Art. 16 GDPR (right to rectification);
  • request that personal data concerning you be erased in accordance with Art. 17 GDPR (right to erasure);
  • demand the restriction of processing in accordance with Art. 18 GDPR (right to restriction of processing);
  • to receive the personal data concerning you, which you have made available to us, in a structured, common and machine-readable format and to transmit this data to another controller in accordance with Art. 20 GDPR (right to data portability).

To exercise these rights, please contact us at any time by mail (Data Protection, time:matters GmbH, Gutenbergstr. 6, 63263 Neu-Isenburg) or by e-mail (data.protection@time-matters.com).

Please note that in order to exercise your rights and to ensure data protection, we must identify you in each case and, if we cannot (clearly) identify you, we may have questions about your request. Despite our efforts, it is not possible to process your rights without a minimum of certain information about you. For identification purposes we therefore ask you to provide the following minimum information:

  • Name, first name
  • postal address
  • e-mail address
  • and optionally customer or booking number

When communicating over the Internet (e.g. by e-mail), complete confidentiality and data security cannot always be guaranteed. We therefore recommend that you use the postal service for confidential information.

d) Relevant Supervisory Authority

As a data subject, according to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of suspected infringement, if you believe that the processing of personal data concerning you violates the GDPR.

For time:matters the relevant supervisory authority is:

The Officer for Data Protection and Freedom of Information of the State of Hesse

Postfach 3163
65021 Wiesbaden
Gustav-Stresemann-Ring 1
64189 Wiesbaden

phone number: +49 (0)611 1408-0
fax number: +49 (0)611 1408-900/901
E-Mail: poststelle@datenschutz.hessen.de

More information and contact data can be found here:
https://datenschutz.hessen.de/

A list of the supervisory authorities of other federal states and their contact details can be found here:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

We reserve the right to update these data privacy information from time to time to take into account changes in law or extensions to the functional scope of our online offering. The date of the last update at the bottom of the data privacy information is amended accordingly in such cases. Therefore, we recommend that you regularly read the data privacy information in order to remain up to date on data protection.

Neu-Isenburg, June 2021