Privacy Policy

Please read the following document carefully. In this privacy notice, we inform you about the processing of your personal data in connection with the use of the cosmos web application ("App"). Last updated: 12/19/2024

1. The person responsible under the data protection law

The App is operated by Cosmos Solutions GmbH, Brunnenstrasse 19-21, 10119 Berlin, Germany ("Cosmos") as the controller of your personal data within the meaning of the European Union Data Protection Regulation ("GDPR") and the German Federal Data Protection Act ("BDSG"). Full details of the Cosmos Solutions GmbH can be found in the imprint. Information on how to contact the Group Data Protection Officer and the responsible supervisory authority can be found in later sections of this data protection notice.

2. Data processing upon visit of our website

When you visit our website, the following data is processed by us:  

  • Processing of personal data with the consent of the data subject.  
  • Processing of personal data to comply with a legal obligation to which we are subject under any applicable law of the EU or under any applicable law of a country in which the GDPR applies in whole or in part.  
  • Processing of personal data to protect the legitimate interests of us or of third parties, unless the fundamental freedoms and rights and interests of the data subject override these. Legitimate interests include, in particular, our business interest in being able to provide our website, information security, and the enforcement of our own legal claims.

Within and on our website embedded form, the user is asked to enter personal information which will then be processed by us. Some of the information is required, such as your contact details. We keep email communication for 12 months, unless statutory retention periods apply. In this case, we keep the email communication for 6 or 10 years in accordance with the law. Your data will be deleted or (if we are obliged to retain them due to legal conditions or contractual agreements) blocked as soon as the purpose of the data transfer has been fulfilled or if you inform us of your wish to do so.

3. Purposes and legal bases of the processing

a) User contract: The data we collect is processed by us to fulfill the services offered in the App ("usage contract") (Art. 6 para. 1 p.1 lit. b DSGVO - contract performance and pre-contractual measures).

b) Promotional communication: During the registration process or later in your account, you have the option of granting us consent to send you information and individual offers regarding the App's services and to contact us for this purpose by electronic means of communication (e.g. by e-mail, push messages). If you have given us the corresponding consent, we will process your contact data (i.e.name, email address) in order to send you the information and individual offers (Art. 6 para. 1 p. 1 lit. a DSGVO - Consent). You have the right to revoke your consent at any time. For more information on your right of revocation, please refer to section 7 of this data protection notice. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

c) Other purposes: In addition, we process your data for the purpose of fraud prevention and assertion of legal claims (Art. 6 para. 1 p. 1 lit. f DSGVO - safeguarding legitimate interests - entrepreneurial interest in protecting the company against material and immaterial damage).

4. Recipients of your data

To provide our services, we work with carefully selected service providers who act as processors under Art. 28 DSGVO. These providers operate strictly under our instructions and comply with data protection regulations. In certain cases we may need to share limited personal data with partner companies.

If data is transferred to third countries, we ensure appropriate safeguards, such as EU adequacy decisions and standard contractual clauses, in compliance with legal requirements. Additionally, we may be legally obligated to provide data to authorities in specific circumstances (Art. 6 para. 1 p. 1 lit. c DSGVO).

We also use cookies and similar technologies to enhance website functionality, manage your preferences, and ensure compliance with GDPR. Your consent status, anonymized IP address, browser and device information, and consent preferences may be processed and stored for compliance purposes. This data is handled securely and in accordance with legal storage requirements.

5. Duration of storage

We process your data as long as it is necessary for the fulfilment of our contractual and legal obligations. When the purpose for which your data was processed ceases to apply, it will be deleted, unless its retention is required for the following purposes:

  • Fulfilment of retention periods under commercial and tax law, such as those arising from the German Commercial Code or the German Fiscal Code; these periods are up to 10 years.
  • Preservation of evidence within the framework of the statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years. In these cases, your data will be blocked so that it can no longer be processed for other purposes.

6. Your data subject rights

6.1 Your rights

As a data subject, you may exercise the following rights if the respective legal requirements are met:

  • Right to information, Art. 15 DSGVO
  • Right to rectification, Art. 16 DSGVO
  • Right to erasure ("right to be forgotten"), Art. 17 DSGVO (see also section 11of this Travel ID Privacy Notice)
  • Right to restriction of processing, Art. 18 DSGVO
  • Right to data portability, Art. 20 DSGVO
  • Right of objection, Art. 21 DSGVO (see also section 7 of this Travel ID Privacy Notice).

Insofar as we process your data on the basis of consent, you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. To exercise your rights, you can contact us through our website. In order to process your request and identify you, we will process your personal data in accordance with Art. 6(1)(c) DSGVO. To delete your account, you can also proceed as described in section 8 of this privacy notice. In addition, you have the right to lodge a complaint with a supervisory authority, Art. 77 DSGVO.

6.2 Competent supervisory authority

The competent supervisory authority for the Lufthansa Innovation Hub is:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin

Tel.: 0049-30-13889-0
Fax: 0049-30-2155050
Email: mailbox@datenschutz-berlin.de

7. Right of objection according to Art. 21 DSGVO

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) or (f) DSGVO. We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications. You may object to the processing of your personal data at any time.

8. Deletion of your account

If you no longer wish to use the services of the App, you can delete your account at any time. Your personal data collected in the course of using the App will then be deleted immediately - subject to conflicting retention reasons and obligations. You can delete your account yourself by contacting us at welcome@lh-innovationhub.com Likewise, we reserve the right to delete your account if you have not used it for 2 years.

9. Cookies

We use cookies and similar technologies to ensure the proper functioning of our website and applications, enhance your browsing experience, support analytics, improve security, and enable certain marketing functions. Cookies are small text files stored on your device, and they may be session-based (deleted when you close your browser) or persistent (stored until they expire or are deleted).

We use the following categories of cookies:
a) Necessary Cookies: Essential for the basic operation of our website, such as logging in or saving preferences. These do not require your consent.
b) Analytics and Performance Cookies: Help us understand how our website is used and improve its functionality.
c) Marketing Cookies: Enable personalized marketing and track the effectiveness of campaigns.

Cookies may collect information about your device, browser, IP address (anonymized where possible), and your interactions with our website.

Legal Basis
Necessary cookies are used based on our legitimate interest in providing a functional and secure website (Art. 6(1)(f) GDPR). Non-essential cookies are used based on your consent (Art. 6(1)(a) GDPR). Consent can be managed or revoked at any time through our cookie management tool.

Third-Party Cookies and Data Transfers
Some cookies are provided by third-party services, which may involve data processing outside the EU. In such cases, we ensure compliance with GDPR requirements through safeguards like EU standard contractual clauses or adequacy decisions.

Managing Cookies
You can manage your cookie preferences or disable certain types of cookies through the cookie settings link available in the footer of our website. Note that disabling certain cookies may impact your experience or functionality.

10. Data security

We use technical and organizational security measures to protect your data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved in line with technological developments.