Website Privacy Policy

Below we provide you with an overview of what data we collect for what purpose and how we ensure the protection of the data on our website.

For information on processing your data through our careers section on the website or other careers and recruiting purposes please refer to our Recruitment Privacy Policy https://www.lilium.com/privacy-in-recruiting. For details on processing of data on our social media pages please refer to our Social Media Privacy Policy https://www.lilium.com/social-media-privacy-policy.

I. What is Personal Data?

Personal data is any information relating to an identified or identifiable natural person. Personal data includes e.g. name, email address or telephone number. Personal data also includes information about hobbies, memberships or websites viewed.

The applicable legal basis for processing data can be found, in particular, in the Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).

II. Who is the Controller of my Data? How is my data processed?

The controller (“we/us/our” or “Lilium”) is

Lilium GmbH, Claude-Dornier Str. 1, Geb. 335, 82234 Wessling, registered with the commercial register of the local court (Amtsgericht) Munich under HRB 216921, represented by the managing director Daniel Wiegand.

email: privacy@lilium.com

phone: +49 (0)151 25388676

We have appointed a data protection officer who may be reached via privacy@lilium.com.

Other controllers processing your data may also be mentioned in this privacy policy.

We offer services on our website www.lilium.com (“Website”) as well as related and further business services (jointly the “Service”). Your data will be used for the following purposes:

  • to provide the functioning Website or Service,
  • to implement the applicable privacy policy and carrying out the contractual relationship and our Service,
  • to analyze your use of our Service and improve our Service with our legitimate interests of marketing and fraud prevention, or
  • as otherwise explained in our applicable privacy policy or by any communication by us.

Furthermore, your data will be processed by us with your explicit consent, for example sending newsletters.

We as well as our external service partners receive your data for processing for the purpose of providing our Service. You provide data if this is necessary for the aforementioned purposes. If you chose to refrain from providing such data, you may face disadvantages, for example, limited or no possibility of using our Service.

III. How is my Data processed when visiting the Website, signing up for the newsletter and when you contact us?

Visiting the Website

If you browse our Website www.lilium.com, the provider of the website automatically collects and stores information in so-called “server-log-files” that your browser transfers to us. These are:

type/version of the browser, system software used, referrer URL, hostname of the device, time of the server request, IP-address or other unique device identifier.

If you are using a mobile device, the following data is additionally collected through the Website:

country code, language, hostname of the device, name and version of the operational system.

We use this data only for statistical analysis, for the purpose of operation, security and optimization of our Website. However, we reserve the right to check this data retrospectively if there is a justified suspicion of illegal use based on concrete indications. This data is then stored because this is the only way to prevent the misuse of our Website and, if necessary, allow us to investigate any crimes committed. The storage of this data is necessary in order to protect us as the person responsible for processing the data. As a matter of principle, this data will not be passed on to third parties unless there is a legal obligation to pass it on or the transfer of data serves criminal prosecution purposes.

This data processing is based on Art. 6 (1) f. GDPR or TMG and we wish to achieve the legitimate interests of stabilizing and improving our Website, quality insurance and fraud prevention.

We store such data for a maximum period of 7 days.

Newsletter

With the newsletter we inform the user about the Website, our Service and us.

When registering for the newsletter, you have to provide an email address. This email address will be transmitted to and stored by us (or a provider as specified below).

After registration, you will receive an email to confirm the registration (“double opt-in”). Via clicking the registration link you have given your consent to the processing of your personal data for receiving our newsletter according to Art. 6 (1) a. GDPR and we may process such data accordingly.

In case of registration for the newsletter, we (or our provider as specified below) also store the IP address, the device name, the mail provider as well as the name and the date of registration.

 

Use of Mailchimp; Transfer of Data outside the EU

The mail provider “Mailchimp” by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA receives and processes on our behalf the data necessary for the order, in particular email address, IP address, device name. These data are processed on servers in the USA. MailChimp is certified according to “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

Mailchimp is a service with which the dispatch of newsletters can be organized and analyzed. With the help of Mailchimp we can analyze our newsletter campaigns. When you open an e-mail sent with Mailchimp, a file contained in the e-mail (so-called web beacon) connects to the Mailchimp servers in the USA. This allows Mailchimp and/or us to determine whether a newsletter message has been opened and which links have been clicked on. In addition, technical information is recorded (e.g. time of registration, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not want Mailchimp to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a respective link in every newsletter.

Details on Mailchimp and its privacy policy can be found here: https://mailchimp.com/legal/privacy/

The data stored for the purpose of newsletter subscription will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data stored by us for other purposes remain unaffected.

OPT-OUT: You can withdraw your consent to the storage of data, the email address and their respective use for sending the newsletter at any time. This can be done free of charge (except for the transmission costs) and via a link in the newsletter itself or notification to us or, if applicable, to Mailchimp.

Contacting us

When contacting us via email, your details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on your consent based on the legal basis of Art. 6 (1) a. GDPR or Art. 6 (1) b. GDPR based on a pre-contractual or existing contract relationship. For sending emails we may also use the services by Mailchimp. For more details please refer to “Use of Mailchimp; Transfer of Data outside the EU” above.

IV. Does automated processing incl. “Profiling” take place?

In general, we do not process any data via automated processing incl. “profiling” making via the Website or Service. However, such profiling may happen by third party providers through the Website or Service. We will inform you about such fact if possible.

Profiling means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behavior, location or relocation of that natural person. Examples of such profiling include the analysis of data (e.g. based on statistical methods) with the aim of displaying personalized advertising or giving shopping tips. The data subject shall not be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against him or significantly affects him or her in a similar manner. This shall not apply where the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the data controller, (ii) is admissible under Union or Member State law to which the data controller is subject and where such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (iii) is taken with the data subject’s express consent. In such exceptional cases, the person responsible shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the data subject, to state his own position and to challenge the decision.

V. What Third Party Services, Cookies, Analytics and Links to Social Networks does the Website use?

Cookies

In order to offer you a convenient online service featuring numerous functions, our Website uses text files (“Cookies”) containing information to identify returning visitors for the time of their visit to our Website. Cookies are usually saved on your device and do not cause any harm. Cookies facilitate the transfer of specific content, such as entering data, which has already been supplied, and help us identify popular sections of our Website.

The processing of data when using Cookies is based on our legitimate interests of a statistical analysis of the user relationship for marketing and quality assurance purposes according to Art. 6 (1) f. GDPR or TMG.

OPT-OUT: You can deactivate the use of Cookies in the settings of your browser at any time. To find out how to change the settings, please consult the help function of your browser. You may also deactivate and manage a lot of online Cookies by different businesses on the US-website http://www.aboutads.info/choices/ or the EU-website http://www.youronlinechoices.com/uk/your-ad-choices/. However, we want to point out that without Cookies the use and comfort of use of our services may be restricted.

Google Analytics

We use Google Analytics, a web analytics tool offered by Google (inter alia Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, Mountain View, CA, USA) (“Google“). This analysis service uses so-called “cookies”. For analysis, text files will be stored on your device. The information stored in the corresponding files about the use of this website are generally transmitted and stored in Google servers in the USA. As the IP anonymization is active on this Website, your IP address will be shortened by Google within the member states of the European Union (EU). This information will be used to evaluate your use of the services offered here and enable the operator of this website to analyze your website activity and provide other services associated with the website service. The IP address transmitted from your browser, as part of Google Analytics will not be merged with other data from Google.

If personal data are processed this is based on our legitimate interests of marketing and quality assurance purposes according to Art. 6 (1) f. GDPR or TMG.

OPT-OUT: Adjusting the settings of your browser software can prevent the use of cookies. In this case, it may be possible that the functions of the service offered here cannot be used in its entirety. Furthermore, it is possible to prevent the acquisition and processing of data generated by the “cookies” in relation to the use of this website, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

In addition, you can prevent Google from collecting the data generated by the cookies about your use of the websites and the processing of this data by Google by downloading and installing the browser plug-in available at https://support.google.com/adsense/answer/142293?hl=en.

For users who have their usual residence in the European Economic Area or Switzerland, Google Ireland Limited is the data controller for your data, unless otherwise stated in the privacy notices of a particular service. Google Ireland Limited is therefore the company affiliated with Google which is responsible for processing your data and complying with applicable data protection laws.

You can also find more information in Google’s privacy policy https://www.google.com/policies/privacy/.

Campaign Manager

This Website uses Google’s (by inter alia Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, Mountain View, CA, USA) online marketing tool Campaign Manager (Double Click). Campaign Manager uses cookies to serve ads relevant for you or our users, to improve campaign performance reports, or to prevent you/them from seeing the same ads more than once. Such ads may come from Google or other third parties. Third-party vendors, including Google, use cookies to serve ads based on a user’s prior visits to the Website. Google uses a cookie ID to track which ads appear in which browser, thereby preventing them from appearing more than once. In addition, Campaign Manager can use cookie IDs to collect conversions related to ad requests. This is the case, for example, when you or a user sees a Campaign Manager ad and later visits the advertiser’s website with the same browser and buys something there. According to Google, Campaign Manager cookies do not contain any personally identifiable information.

Because of the marketing tools used, your browser automatically connects directly to Google’s server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Campaign Manager, Google receives the information that you have called the relevant part of our Website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for the provider to find out and store your IP address.

In addition, the Campaign Manager cookies used enable us to understand whether you are performing any actions on our Website after you have accessed or clicked on one of our display/video ads on Google or another platform via Campaign Manager (conversion tracking). Campaign Manager uses this cookie to understand the content that you have interacted with on our Website in order to send you targeted advertisements later.

The legal basis for such data processing is your consent (Art. 6 (1) a. GDPR) or our legitimate interests of marketing and quality assurance purposes (Art. 6 (1) f. GDPR or TMG).

OPT-OUT: You can prevent participation in this tracking process by setting your browser software accordingly; or by disabling conversion tracking cookies by setting your browser to block cookies from the www.googleadservices.com domain, https://www.google.de/settings/ads, whereby this setting is deleted when you delete your cookies; or by disabling the interest-based ads of the providers that are part of the ‘About Ads’ self-regulatory campaign via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies; or by permanently disabling it in your Firefox, Internet Explorer or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin; or by setting the appropriate cookies setting. We would like to point out that in this case you may not be able to use all functions of our Website to their full extent.

In addition, you can prevent Google from collecting the data generated by the cookies about your use of the websites and the processing of this data by Google by downloading and installing the browser plug-in available at https://support.google.com/adsense/answer/142293?hl=en.

For users who have their usual residence in the European Economic Area or Switzerland, Google Ireland Limited is the data controller for your data, unless otherwise stated in the privacy notices of a particular service. Google Ireland Limited is therefore the company affiliated with Google which is responsible for processing your data and complying with applicable data protection laws.

For more information about Campaign Manager, please visit https://www.google.de/doubleclick and Google’s privacy policy https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org

Links to Social Networks

The Website is connected via links to the social networks Facebook, Twitter, Instagram, YouTube and LinkedIn. For further information on the use of data via the social networks please refer to our social media privacy policy https://www.lilium.com/social-media-privacy-policy.

Greenhouse

We use Greenhouse for managing applications through our website. For further information on the use of data via Greenhouse please refer to our recruitment privacy policy https://www.lilium.com/privacy-in-recruiting

 

 

VI. Is my Data transferred to Third Parties?

We will transfer your personal data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or, if applicable, legal provisions authorize the transfer or if you give your explicit consent.

VII. Is my Data transferred outside the EU?

When using our Website and Service, your data may be transferred to countries outside the EU because of the use of third-party providers.

Use of Services on the Website that process data outside the EU

When visiting the Website, data may be transferred to countries outside the EU, for example when we use a Google service (see Google Analytics / Campaign Manager above) and/or a social networks service. The US companies providing the services of Facebook, Instagram, Google/YouTube, Twitter and LinkedIn are certified under EU-US-Privacy-Shield and comply with data protection standards applicable in the EU. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. For more information on Privacy Shield please refer to https://www.privacyshield.gov/.

Further Third-Party Providers that process data outside the EU

Data is transferred outside the EU due to the integration of cloud and hosting services who work on our behalf and assist us in carrying out our business activities (legal basis Art. 6 (1) b. or f. GDPR) or you explicit consent (legal basis Art. 6 (1) a. GDPR).

We use the service by Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109, USA for the purpose of hosting your data provided through the Website or Service, whereas data might be processed in the USA. AWS is certified according to EU-US-Privacy-Shield and complies with data protection standards applicable in the EU. For further information please refer to https://aws.amazon.com/compliance/eu-data-protection/ and https://aws.amazon.com/compliance/germany-data-protection/

For sending emails and newsletters we use the services by Mailchimp. For more details please refer to “Use of Mailchimp; Transfer of Data outside the EU” listed in section III. above.

For more information please refer to privacy@lilium.com.

VIII. Your Rights

Your Rights

In accordance with the statutory provisions, you as the data subject have the right to receive information about your data stored by us free of charge at any time. 

In addition, you can assert your rights to correction, deletion or restriction of the processing or the right to object at any time. This also applies to your right to receive your data in a structured, current and machine-readable format or (if applicable) to request the transmission to another person responsible (data portability).

If you have provided us with your personal data on the basis of a consent, you can withdraw the consent at any time for the future.

These aforementioned rights may be exercised any time via email to privacy@lilium.com.

You or the person affected also have the right to lodge a complaint with a supervisory authority at your choice (for example: https://www.datenschutz-bayern.de/vorstell/impressum.html). An overview of the Data Protection Authorities may be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

 

IX. Duration of data processing and Deletion Periods

As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum.

In the case of long-term contractual relationships, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods (e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Tax Code (Abgabenordnung, AO)).

This privacy policy as well as our other privacy policies contain specific periods for data storage.

Criteria for the storage period include whether the data is still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.

X. Data Security; Access and Changes to this Privacy Policy; Contact

Data Security

We have installed technical and organizational measures in order to safeguard our Website and/or Service against loss, destruction, access, changes or the distribution of your data by unauthorized persons.

The Website is operated through a safe SSL-connection. If an SSL-connection is activated third parties are prevented from reading any data that are transferred by you to us.

We will store your data on servers, which are located within the European Union and, as applicable and set forth in this privacy policy, in the USA.

Access and Changes to this Privacy Policy

This privacy policy is accessible via our website at https://www.lilium.com/privacy-policy and may be downloaded and printed anytime.

We reserve the right to change the regulations of this privacy policy as well as our additional privacy policies at any time, taking into account currently applicable data protection provisions. In case of any changes, you will be notified and you will have to agree to the modified provisions.

Contact

For any inquiries and additional questions about processing personal data please contact privacy@lilium.com.