Privacy and Cookies Policy
Data Privacy Statement Overview
StaffNOW's mission is to connect the world's professionals in aircraft maintenance services with Maintenance, Repair and Overhaul service providers (MROs) in a fast and easy way. Central to this mission is our commitment to be transparent about the personal data we collect, how it is used and with whom it is shared.
1. General terms
The data controller in the sense of the European Data Protection Law (EU GDPR) is Lufthansa Technik AG.
Personal data shall mean any information related to an identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing shall mean any operation which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Users shall mean registered users on StaffNOW.
Profile shall mean one (1) user account/profile for a User.
Services shall mean all available for the specific User functionalities of StaffNOW, that he/she might use or have the right to use.
Contractor(s) shall mean technicians.
StaffNOW shall mean a digital platform connecting professionals undertaking non-permanent assignments in the aircraft repair industry (contractors) with MROs and Contracting Agencies. StaffNOW enables transparent communication between MROs and Contractors, higher ratio of fulfilled requests vs. temporary job assignments, easier and faster sourcing and onboarding process, and other optimization and automation of efforts for registered Users.
3. Data collection
3.1. User data
To create an account/profile you need to provide data, including:
- Your name (full personal name; and company name if acting on behalf of a company);
- A valid e-mail address.
This mandatory information is marked as such on StaffNOW. In the event that registration has not been completed, the data will not be saved and we will not have any access and visibility to it.
You have choices about the information you provide on your profile, such as your education, work experience, skills, photo, city or area and endorsements. We collect personal data from you when you provide it or upload it to StaffNOW or via our Services. This may be when you fill out a form (e.g. with demographic data or salary), respond to a survey, or submit a resume. It is your choice whether to provide this data or not.
3.2. Service use
We log usage data when you visit or otherwise use our Services (e.g. our sites) such as when you view or click on content (e.g. assignment applications), perform a search, approach a User through the available resources, or apply for assignments. We use log-ins, cookies, device information and internet protocol ("IP") addresses to identify you and log your use.
Every time you use the internet your internet browser will automatically transfer certain information that we will store in so-called log-files.
The log-files will solely be stored for the detection of malfunctions and security reasons (e.g. attack detection) for a period between seven and ten days. Log-files will be stored for a longer period of time and might be transferred to investigating authorities if they are needed as evidence if an incident took place. They will be subject to restriction of processing upon the final clearance of the matter.
In particular, log-files include the following information:
- IP address of the network from which the online service is accessed,
- Date and time of request,
- Size of transferred data,
- URI of the accessed data,
- Operating system and information regarding the internet browser used, including add-ons,
- HTTP Response Status Code.
A cookie is a small element of data that can be exchanged between an Internet site and a client's browser. It can be stored on either side to enable the Internet application to recognize the client on return. You can set your browser to notify you when you receive a cookie, and you may choose to accept the cookie or not. If you do not accept the cookie, the corresponding Internet page cannot be accessed. If you accept the cookie, you can delete it after the session.
3.2.3. Google Analytics
We use Google Analytics as a tracking tool. Its functions are explained in the following paragraphs.
The use includes the Universal Analytics operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.
Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google Analytics with the additional function offered by Google to anonymize IP addresses. While doing so, Google already shortens IPs within the EU in most cases and only does so in the United States in exceptional cases, while always saving shortened IPs only. You may object to the collection or processing of your data by using the following link to download and install a browser plugin: http://tools.google.com/dlpage/gaoptout?hl=en
To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set: Disable Google Analytics
The legal basis for using it is our legitimate interests in accordance with Article 6(1)(f) of the GDPR for the purpose of enhancing the efficiency of our website and (direct) marketing.
Google Analytics gives us insights into the following data:
- When the website was accessed (month, year, week, day, time of day);
- What devices were used to access the website and what browser and operating system those devices use;
- What individual pages of the website are visited;
- Visitors' regions and languages;
- Visitors' click behavior or click paths, click frequency;
- Dwell times on the individual pages of the website;
- Most-clicked pages on the website;
- Where the website was accessed from (referrer);
- How often the website or its individual pages were called;
- Whether and how visitors return to the website or its individual pages.
You can obtain more information on this tracking tool at: https://support.google.com/analytics
The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months, the shortest possible option in the Google Analytics settings. Data whose retention period has been reached is automatically deleted once a month.
3.2.4. Your device and location
When you visit or leave our Services, we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier. If you use our Services from a mobile device, that device will send us data about your location based on your phone settings. We will ask you to opt-in before we use GPS or other tools to identify your precise location.
We collect information about you when you send, receive, or engage with messages in connection with our Services. For example, if you get a StaffNOW offer request, we track whether you have acted on it and will send you reminders. We also use automatic scanning technology on messages.
3.3. Service development
We seek to create economic opportunities for our Users. We use the data available to us to research social, economic and workplace trends such as assignment availability and skills required for these assignments. This helps bridge the gap in the aircraft maintenance industry talent demand and fulfillment throughout the respective geographic areas. In some cases, we work with trusted third parties to perform such researches, under controls which are designed to protect your privacy. We publish or allow others to publish economic insights, presented as aggregated data rather than personal data. For such statistical purposes only anonymized data will be collected and processed.
4. Data processing
We may evaluate, retain and use the information provided to us (and the data generated) from your use of the Services only and exclusively limited to the following purposes:
4.1. Offer our Service
The main purpose to process personal data is to ensure the functionalities of StaffNOW. If you use StaffNOW, the mentioned depersonalized data (as described in Section 4.6.), as well as information about activities you performed within StaffNOW, may be accessible to other Users.
4.2. Prevent abuse and legal defense
To comply with our legal requirements, enforce our Terms and Conditions, respond to claims that content violates the rights of others, or protect anyone's rights, property or safety, we may use the personal data provided by you.
4.3. Keep you informed
From time to time we may contact you to inform you about critical service updates or other information, which is important to support our Service. We may also contact you to ensure that information we have in our records is accurate or when additional information to complete your profile is required.
4.4. Improve our Services
In order to improve our Service, we may contact you to receive feedback and comments from you about our Services and inquire about any features you would like to see in future offerings. We may also contact you to ask for your satisfaction rate.
4.5. Statistical purposes
We use your data to produce and share aggregated insights, which do not identify you. For example, we may use your data to generate statistics about our Users, their profession or experience level, to publish visitor demographics for a Service or demographic workforce insights, and other.
4.6. Data retention
We retain your personal data while your account is in use and while we provide Services to you. This includes data you or others provided to us and data generated or inferred from your use of our Services. Even if you only use our Services when looking for a new assignment every few years, we will retain your information and keep your profile open until you decide to terminate your account.
In some cases we choose to retain certain information (period of assignment, assignment duration, age range, experience length and level, number of accepted assignments, number of assignments for the separate MROs, charge rate, agency used) in a depersonalized or aggregated form. We may keep data as number of assignments, rates per assignment, work days, agency chosen per assignment, etc. for statistical purposes. However, it will not be linked to a name or other means of identification.
4.7. Data modification
StaffNOW Administration will perform quality checks on each User registered on StaffNOW. The activities aim to validate whether the information in the uploaded documents match the respective text fields and drop down menus (e.g. title, level of certification, experience). If there is inconsistency between what the User has selected in his/hers profile and the documents referring to his/hers qualification, StaffNOW Administration will contact the User and request correction and/or may modify the information on behalf of the User.
5. Rights of data subject
We provide choices about data collection, use and sharing, deleting, correcting, and controlling the visibility of your activities and communication. We offer you settings to control and manage the personal data we have about you.
5.1. Access to personal data (Article 15 of the GDPR)
You have the right to be informed whether your personal data is being processed by us and if this is the case, to what extent. You are able to access your personal data within your user profile and other parts of StaffNOW. If you require information beyond that visible in the application, please contact StaffNOW Administration.
5.2. Rectification of data (Article 16 of the GDPR)
You have the right to rectification of inaccurate personal data. In your profile settings you are able to see, review and change your personal information. Some updates or changes will require an approval from the Administrator. If some information changes over time or you realize you have not included it accurately, please update your information as soon as possible. The e-mail address you used in the registration process can only be modified by StaffNOW Administration. If a change of the e-mail address is required, please contact StaffNOW Administration.
5.3. Erasure of data (Article 17 of the GDPR)
You have the right to erasure of your personal data, processed in StaffNOW ("right to be forgotten"). In case you want to delete your personal data, please contact StaffNOW Administration. We will close your account and make sure that your personal data is deleted within thirty (30) days with the exceptions described in Section 6. The data related to your activities will be depersonalized after the closure of your account, as described under Section 4.6. of this Policy.
5.4. Data portability (Article 20 of the GDPR)
You have the right to data portability, i.e. to receive all personal data that you provided to us in a structured format for your use. In case you want to receive an overview of your personal data, which has been collected in accordance with this Policy, please contact StaffNOW Administration. We will then provide you the requested information within a reasonable period of time.
5.5. Objection (Article 18 of the GDPR)
You have the right to object at any time to processing of personal data concerning you. In order to do so, please contact StaffNOW Administration. We will then no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you as the data subject or for the establishment, exercise or defense of legal claims. You especially have the right to object if personal data concerning you is processed for direct marketing purposes. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact StaffNOW Administration or our Data Protection Officer. Please refer to the contact provided in Section 11 of this document.
6. Account closure
If you choose to terminate/close your StaffNOW account, your personal data will generally stop being visible to others on StaffNOW and Services within seven (7) days. We generally delete closed account information within thirty (30) days after request for termination. This period is a general time period. In cases of technical issues, issued messages by StaffNOW for prolonged maintenance or vacation periods, force majeure obstacles, or other, the time period may be extended.
We retain your personal data even after you have terminated your account if necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfill your request to "unsubscribe" from further messages from us. We will retain de-personalized information after your account has been terminated.
Information you have shared with other Users or StaffNOW Administration via mails will remain visible for the Users you have shared it with.
At termination of your account also uploaded documents (such as qualification certificates, licenses, etc.) will be deleted from StaffNOW and will no longer be visible and accessible. Any such documents forwarded by StaffNOW Administration to a MRO (when a match for assignment is concluded for the purpose of the respective MRO authorization (quality acceptance of a Contractor for work)), are within the responsibilities of the respective MRO.
7. Data sharing
7.1. Other Users of our services
Only limited information of your profile will be visible to other Users prior to any temporary work assignment agreement. Such information is: name, profile picture, general qualification if applicable (the one you would like to present yourself with to potential MROs) and a short presentation of yourself.
Your profile will be fully visible to registered and authorized MROs, only after an assignment is agreed by both parties, and only to those Users which you have the respective assignment agreed with. Subject to your settings, the limited information can also be restricted for visibility from certain (chosen by you) MROs. However, be aware that your settings, regular updates, detailed information provided, documents provided, degree of calendar availability, etc. impact the visibility of your profile greatly.
Agencies will have access to your limited information (no access to documents will be possible at any time) only after and if you have chosen them as a servicing agency.
7.2. Service providers
We may use third parties to help us provide our Services (e.g., maintenance, analysis, audit, payments, fraud detection, marketing and development). They will have access to your information as reasonably as required to perform these tasks on our behalf. They will be obligated not to disclose or use it for other purposes. Such a service provider we are using, for instance, is Google Analytics.
7.3. Legal disclosures
It is possible that we will need to disclose information about you when this is required by law, subpoena, or other legal process or if we have a good belief that disclosure is necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of StaffNOW, our Users, personnel, or others. We attempt to notify Users about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.
7.4. Change in control or sale
At LHT we take reasonable technical and organizational measures to guard against unauthorized or unlawful processing of the information collected and against accidental loss or destruction of, or damage to, your personal data. We implement security safeguards designed to protect your data, such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that the data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
The present document has been last updated on 08 March 2019.
10. Applicable data protection law and responsible data protection authorities
Applicable data protection law:
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data,. in short: EU GDPR.
For Germany this regulation is supplemented by the "Bundesdatenschutzgesetz (neu)"
Lufthansa Technik has appointed a data protection officer who can be reached as follows:
In addition to the above stated rights you have the right of an appeal at a supervisory authority. The supervisory authority responsible for Lufthansa Technik AG is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
(Hamburg Commissioner for Data Protection and Freedom of Information)
Ludwig-Erhard-Str 22, 7. OG
Tel.: (040) 4 28 54 - 40 40
Fax: (040) 4 279 - 11811
11. Contact Information
If you have questions or complaints regarding this Policy, please contact StaffNOW Administration.
E-mail address: firstname.lastname@example.org
What Are Cookies
For more general information on cookies see the Wikipedia article on HTTP Cookies.
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.
The Cookies We Set
Currently, we are not setting cookies ourselves. All the cookies that we use are required from third party integrated solutions in order to make your experience much more convenient.
- Third Party Cookies:
- Account related cookies:
For more information on Keycloak cookies, see the official Keycloak page.
- Login related cookies:
For Login we also use the Keycloack service mentioned above, which sets cookies when you successfully log in our website, so that we can remember this fact. This prevents you from having to log in every single time you visit a new page. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in.
- Google Analytics:
This site uses Google Analytics, which is one of the most widespread and trusted analytics solutions on the web. We use the service for helping us understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
For more information on Google Analytics cookies, see the official Google Analytics page.
If there is something that you are not sure whether you need or not, it's usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. However, if you are still looking for more information, you can contact us directly by sending a message to: