Controllership means determining the purposes and means of the processing of personal data within this Service.
This service is intended for the use by organizations. Where the Service is made available to you through an organization (e.g. your employer), that organization is responsible for the Service’s sites/personal data input over which it has control. If this is the case, please direct your data privacy questions to your administrator/team lead/project lead/data protection officer, as your use of the Service shall be subject to that organization's policies.
Lufthansa Systems GmbH & Co. KG is not responsible for the privacy or security practices of your organization, which may be different than this policy.
We, Lufthansa Systems GmbH & Co. KG (Am Messeplatz 1, 65479 Raunheim, Germany), hereinafter also called “LSY”, “we”, “us”, wish to inform you how your personal data is processed when you use a trackSpace Suite service (e.g. trackSpace or docSpace), hereinafter also called “website” or referred to as “Services", provided by us.
If you have any further queries regarding data protection in connection with our website or the services offered, please contact our data protection officer or coordinator:
Group Data Protection Office for the Lufthansa Group:
Deutsche Lufthansa AG
60546 Frankfurt a. M.
Data Protection Officer at Lufthansa Systems GmbH & Co. KG:
We collect and use personal data directly from our users and other sources (mentioned below) in the following situations:
We collect information about you when you input it into the Services or otherwise provide it directly to us.
We collect information about you when you register for an account and providing your contacts, create or modify your profile, set preferences, sign-up for the Services. You also have the option of adding information about you (= data) such as display name (alias), profile photo, job title, and other details to your profile to be displayed in our Services. We keep track of your preferences when you select settings within the Services.
When you use our Services, we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include. Examples of content we collect and store include: the summary and description added to a JIRA issue, the pages you create in Confluence, your repositories and pull requests in Bitbucket, comments you enter in connection with an incident in status pages, and any feedback you provide to us. Content also includes the files and links you upload to the Services.
The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.
We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services; frequently used search terms; and content you create and update.
We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Many browsers include their own management tools for removing HTML5 local storage objects.
You will not be able to opt-out of any cookies or other technologies that are “strictly necessary” for the Services.
We receive information about you from other Service users, from third-party services, from our related companies, and from our business and channel partners.
Other users of our Services may provide information about you when they submit content through the Services. For example, you may be mentioned in a JIRA issue opened by someone else. We also receive your email address from other Service users when they provide it in order to invite you to the Services. Similarly, an administrator may provide your contact information when they designate you as the billing or technical contact on your company's account.
We may receive information about you from companies that are owned or operated by LSY, in accordance with their terms and policies.
We receive information about you and your activities on and off the Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with, our Services and online advertisements.
How we use the information collected depends partly on the Services you use how you use them, based on any preferences or settings you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services. For example, we use the name and picture you provide in your account to identify you to other Service users. Our Services also include tailored features that personalize your experience, enhance your productivity, and improve your ability to collaborate effectively with others by automatically analyzing the activities of your team to provide search results, activity feeds, notifications, connections and recommendations that are most relevant for you and your team. For example, we may use your stated job title and activity to return search results we think are relevant to your job function. We also use information about you to connect you with other team members seeking your subject matter expertise. We may use your email domain to infer your affiliation with a particular organization or industry to personalize the content and experience you receive on our websites. Where you use multiple Services, we combine information about you and your activities to provide an integrated experience, such as to allow you to find information from one Service while searching from another or to present relevant product information as you travel across our websites.
We are always looking for ways to make our Services smarter, faster, secure, integrated, and useful to you. We use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services. For example, to improve the @mention feature, we automatically analyze recent interactions among users and how often they @mention one another to surface the most relevant connections for users. We automatically analyze and aggregate frequently used search terms to improve the accuracy and relevance of suggested topics that auto-populate when you use the search feature. In some cases, we apply these learnings across our Services to improve and develop similar features or to better integrate the services you use. We also test and analyze certain new features with some users before rolling the feature out to all users.
We use your contact information to send transactional communications via email and within the Services, including confirming your purchases, reminding you of subscription expirations, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages. We send you email notifications when you or others interact with you on the Services, for example, when you are @mentioned on a page or ticket or when a task if assigned to you. We also provide tailored communications based on your activity and interactions with us. For example, certain actions you take in the Services may automatically trigger a feature or third-party app suggestion within the Services that would make that task easier. We also send you communications as you onboard to a particular Service to help you become more proficient in using that Service. These communications are part of the Services and in most cases you cannot opt out of them. If an opt-out is available, you will find that option within the communication itself or in your account settings.
We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services.
We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
Your personal data are deleted as soon as they are no longer needed for the specified purposes. In certain circumstances, personal data are kept for the period of time during which claims against the Lufthansa Systems GmbH & Co. KG may be enforced (statutory limitation period of three to thirty years). Personal data are also saved to the extent that and for so long as LSY is legally obliged to do so. Corresponding burdens of proof and duties of retention arise from, among others, the Commercial Code, Tax Code and Money Laundering Act. These prescribe retention periods up to ten years.
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
We are committed to ensuring fair and transparent processing. That is why it is important to us that data subjects can exercise the following rights where the respective legal requirements are satisfied:
Right of Access by the Data Subject (Art. 15 GDPR): You shall have the right to receive/access information from us regarding the processing of your personal data.
Right to Rectification (Art. 16 GDPR): You shall have the right to demand that we correct your personal data which are incorrect, outdated and/or incomplete.
Right to Erasure (Art. 17 GDPR): You shall have the right to demand the deletion of your personal data in accordance with the requirements of Article 17 GDPR.
Right to Restriction of Processing (Art. 18 GDPR): You shall have the right to demand the restriction of the processing of your personal data in accordance with the requirements of Article 18 GDPR.
Right to Data Portability (Art. 20 GDPR): Insofar as the data processing undertaken is based upon a consent (Art. 6(1)(a) or Art. 9(2)(a)) or a fulfilment of a contractual agreement (Art. 6(1)(b)) and it makes use of an automated processing system, you shall have the right to receive your data in a structured, commonplace and machine-readable format and to transfer these data to another data processing service provider.
Right to Object (Art. 21 GDPR): Insofar as the processing is based upon an overriding interest or your data are used for the purposes of direct advertising, you shall have the right to object to the processing of your data. An objection shall be permissible if the processing either is carried out in the public interest or in the exercising of official authority or owing to a justified interest of LSY or of a third party. In the event that you object, we request that you state your reasons to us regarding why you are objecting to the data processing. In addition, you shall have the right to object to the data processing for the purposes of direct advertising. This shall also be valid for profiling insofar as this is undertaken in conjunction with the direct advertising.
Right of Withdrawal (Art. 7(3) GDPR): If you give your consent to us for processing your personal data, please note that you may withdraw this consent at any time. To exercise your right, please email one of the contacts named under “1. Controller”. In order to process your request and for identification purposes, please note that we will process your personal data in accordance with Art. 6(1)(c) GDPR. Please also note that your consent can only be withdrawn with future effect and such a withdrawal does not have any influence on the lawfulness of past processing. In some cases, we may be entitled in spite of your withdrawal to continue to process your personal data on a different legal basis – e.g. to perform a contract.
Right to Complain (Art. 77 GDPR): You also have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority for the Lufthansa Systems GmbH & Co. KG is:
Landesbeauftragter für Datenschutz und Informationsfreiheit des Landes Hessen
P. O. box 3163
phone: +49 611 1408 - 0
fax: +49 611 1408 - 611
To exercise your rights please contact us via e-mail: email@example.com.
The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact our support services or an administrator.