Privacy Policy

Below we provide you with an overview of what data we collect for what purpose and how we ensure the protection of the data in short and in a more detailed form.

The controller is Lilium GmbH, Claude-Dornier Str. 1, Geb. 335, 82234 Wessling, registered with the commercial register of the local court (Amtsgericht) Munich under HRB 216921, represented by the managing director Daniel Wiegand (“we/us/our” or “Lilium”). We offer services to our users’ (the “User/you/your”) on our website www.lilium.com (“Website”) as well as related and further business services (jointly the “Service”).

For any questions about data protection you may contact us via privacy@lilium.com.

In Short

Controller / Data Protection Officer

Lilium GmbH, Claude-Dornier Str. 1, Geb. 335, 82234 Wessling, registered with the commercial register of the local court (Amtsgericht) Munich under HRB 216921, represented by the managing director Daniel Wiegand, Email: privacy@lilium.com, Tel.: +49 (0)151 25388676

We have appointed a data protection officer who may be reached via privacy@lilium.com.

Purpose and Legal Basis of Processing Data; Provision and Recipients of Data

Your data will be used for the following purposes:

  • to provide the functioning Website,
  • to implement this privacy policy and carrying out the contractual relationship and our Service,
  • to analyze your use of our Service and improve our Service with our legitimate interests of marketing and fraud prevention, or
  • as otherwise explained in this privacy policy or by any communication by us. Furthermore, your data will be processed by us with your explicit consent for the purpose of
  • using the careers-section on the Website via the service of greenhouse.io, or
  • for sending newsletters.

Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG). We as well as our external service partners receive your data for processing those for the purpose of providing our Service. You provide data if this is necessary for the aforementioned purposes. In the event you refrain from providing such data you may face legal disadvantages, for example, limited or no possibility of using our Service.

Period for Storing Data; Deletion

The data are deleted if such data are no longer necessary for the purpose of processing.

Automated Decision making („profiling“)

In general we do not process any data via “profiling” or in form of automated decision making via the Website or Service. However, such profiling may happen by third party providers through the Website or Service. We will inform you about such fact if possible.

Data Security

We have implemented sufficient measures to ensure data and IT security. The Website is operated through a safe SSL-connection. If an SSL-connection is activated third parties are prevented from reading any data that are transferred by you to us.

More Detailed Information

  1. I. What are Personal Data?
  2. II. How are my Data processed when visiting the Website, signing up for the newsletter and you contacting us? Does “Profiling” take place?
  3. III. How are my Data processed when using the Lilium-”Careers”-Section?
  4. IV. What Third Party Services, Cookies, Analytics and Links to Social Networks does the Website use?
  5. V. Are my Data transferred to Third Parties?
  6. VI. Are my Data transferred outside the EU?
  7. VII. Your Rights: Right to access, rectification and erasure; right to restriction of processing, right to withdraw, right to data portability, right to lodge a complaint
  8. VIII. Data Security; Access and Changes to this Privacy Policy; Contact Details
I. What are Personal Data?

Personal data are any information relating to an identified or identifiable natural person. Personal data includes e.g. name, email address or telephone number. Personal data also includes information about hobbies, memberships or websites viewed. We will only collect, use and/or pass on personal data if this is permitted by law or if the User consents to the data processing.

II. How are my Data processed when visiting the Website, signing up for the newsletter and you contacting us? Does “Profiling” take place?
Visiting the Website

If you browse our website www.lilium.com the provider of the website collects and stores information automatically in so-called “server-log-files” that your browser transfers to us.

These are: type/version of the browser, system software used, referrer URL, hostname of the device, time of the server request, IP-address or other unique device identifier

If you are using a mobile device the following data are collected additionally through the Website: country code, language, hostname of the device, name and version of the operational system

We use these data only for statistical analysis for the purpose of operation, security and optimization of our Website. However, we reserve the right to check these data retrospectively if there is a justified suspicion of illegal use based on concrete indications. These data is then stored because this is the only way to prevent the misuse of our Website and, if necessary, allow us to investigate any crimes committed. The storage of these data is necessary in order to protect us as the person responsible for processing the data. As a matter of principle, these data will not be passed on to third parties unless there is a legal obligation to pass it on or the transfer of data serves criminal prosecution purposes.

This data processing is based on Art. 6 (1) f. GDPR or TMG and we wish to achieve the legitimate interests of stabilizing and improving our Website, quality insurance and fraud prevention.

Newsletter

With the newsletter we inform the user about the Website, our Service and us.

When registering for the newsletter, a User has to provide an email address. This email address will be transmitted to and stored by us (or a provider as specified below).

After registration, the user will receive an email to confirm the registration (“double opt-in”). Via clicking the registration link you have given your consent to the processing of your personal data for receiving our newsletter according to Art. 6 (1) a. GDPR and we may process such data accordingly.

In case of registration for the newsletter we (or our provider as specified below) also store the IP address, the device name, the mail provider as well as the user's first and last name and the date of registration.

Use of Mailchimp; Transfer of Data outside the EU

The mail provider “Mailchimp” by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA receives and processes on our behalf the data necessary for the order, in particular email address, IP address, device name. These data are processed on servers in the USA. MailChimp is certified according to “privacy shield”. The “privacy shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

Mailchimp is a service with which the dispatch of newsletters can be organized and analyzed. With the help of Mailchimp we can analyze our newsletter campaigns. When you open an e-mail sent with Mailchimp, a file contained in the e-mail (so-called web beacon) connects to the Mailchimp servers in the USA. This allows you to determine whether a newsletter message has been opened and which links have been clicked on. In addition, technical information is recorded (e.g. time of registration, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not want Mailchimp to analyze your data, you must unsubscribe from the newsletter. For this purpose, we provide a respective link in every newsletter.

Details on Mailchimp and its privacy policy can be found here

The data are stored for the purpose of newsletter subscription will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email address for the use of the Software) remain unaffected.

OPT-OUT: The User can withdraw his or her consent to the storage of data, the email address and their respective use for sending the newsletter at any time. This can be done free of charge (except for the transmission costs) and via a link in the newsletter itself or notification to us or, if applicable, to Mailchimp.

Contacting us

When contacting us via email, the User’s details are stored for the purpose of processing the enquiry and, if applicable, follow-up questions based on your consent based on the legal basis of Art. 6 (1) a. GDPR or Art. 6 (1) b. GDPR based on a pre-contractual or existing contract relationship. For sending emails we may also use the services by Mailchimp link.

Automated Decision Making (“Profiling”)

In general we do not process any data via “profiling” or in form of automated decision making via the Website or Service. However, such profiling may happen by third party providers through the Website or Service. We will inform you about such fact if possible.

Profiling means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behavior, location or relocation of that natural person. Examples of such profiling include the analysis of data (e.g. based on statistical methods) with the aim of displaying personalized advertising to the user or giving shopping tips. The data subject shall not be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against him or significantly affects him or her in a similar manner. This shall not apply where the decision (i) is necessary for the conclusion or performance of a contract between the data subject and the data controller, (ii) is admissible under Union or Member State law to which the data controller is subject and where such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (iii) is taken with the data subject’s express consent. In such exceptional cases, the person responsible shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the data subject, to state his own position and to challenge the decision.

III. How are my Data processed when using the Lilium-”Careers” Section?

For the purpose of receiving and managing job applications via our Website via careers, we use the services of Greenhouse Software, Inc., 110 Fifth Avenue, 3rd Floor, New York, NY 10011, USA (“Greenhouse Software”). In the careers section of our Website interested individuals are forwarded to the Greenhouse Software website www.greenhouse.io and may apply for job openings and submit and/or upload related personal information, such as name, email address, LinkedIn-profile, CV and personal documents, information why to join

Such data will only be processed on servers outside the European Union (EU) and provided to us or the Greenhouse Software after you clicked the respective ‘submit application’ button on the Greenhouse website www.greenhouse.io.

Please note, that via using such services of Greenhouse Software your submitted data might be transferred outside the European Union (EU) and a sufficient data protection level due to German/European law may not be guaranteed. For further information please contact info@greenhouse.io. The privacy policy of Greenhouse Software may be found here

We or Greenhouse Software will use your submitted data for the Lilium “Careers” to implement this privacy policy and carrying out your application (in form of a contractual relationship) based on your explicit consent, Art. 6 (1) a. GDPR.

OPT-OUT: You can withdraw his or her consent to the storage of data, the email address and their respective use for sending the newsletter at any time. This can be done free of charge (except for the transmission costs) and via a link in the newsletter itself or notification to us or, if applicable, to Greenhouse Software.

If you do not wish to use the services of Greenhouse Software, you may also submit your application to us via post to the contact details set forth on the Website.

IV. What Third Party Services, Cookies, Analytics and Links to Social Networks does the Website use?
Cookies

In order to offer you a convenient online service featuring numerous functions, our Website uses text files (“Cookies”) containing information to identify returning visitors for the time of their visit to our Website. Cookies are usually saved on your device and do not cause any harm. Cookies facilitate the transfer of specific content, such as entering data, which has already been supplied, and help us identify popular sections of our Website.

The processing of data when using Cookies is based on our legitimate interests of a statistical analysis of the User relationship for marketing and quality assurance purposes according to Art. 6 (1) f. GDPR or TMG.

OPT-OUT: You can deactivate the use of Cookies in the settings of your browser at any time. To find out how to change the settings, please consult the help function of your browser. Users may also deactivate [add link] and manage a lot of online Cookies by different businesses on the US-website http://www.aboutads.info/choices/ or the EU-website http://www.youronlinechoices.com/uk/your-ad-choices/. However, we want to point out that without Cookies the use and comfort of use of our services may be restricted.

Google Analytics

We use Google Analytics a web analytics tool offered by Google LLC, Mountain View, CA, USA (“Google“). This analysis service uses so-called “cookies”. For analysis, text files will be stored on your device. The information stored in the corresponding files about the use of this website are generally transmitted and stored in Google server in the USA. As the IP anonymization is active on this Website, your IP address will be shortened by Google within the member states of the European Union (EU). This information will be used to evaluate your use of the services offered here and enable the operator of this website to analyze your website activity and provide other services associated with the website service. The IP address transmitted from your browser, as part of Google Analytics will not be merged with other data from Google.

Adjusting the settings of your browser software can prevent the use of cookies. In this case, it may be possible that the functions of the service offered here cannot be used in its entirety. Furthermore, it is possible to prevent the acquisition and processing of data generated by the “cookies” in relation to the use of this website, by downloading and installing the browser plugin available at the following link

We point out that an automated decision making ("profiling") (see also “Automated Decision Making (“Profiling”)” above) can take place when integrating Google and an existing Google account.

OPT-OUT: https://adssettings.google.com/authenticated

Links to Social Networks

The Website is connected via links to the social networks Facebook, Twitter, Youtube and LinkedIn. The links to such social networks included on our Website are not integrated via a so-called social plugin but only contain a HTTP link to our Facebook, Twitter, Youtube and LinkedIn pages. When you visit our Website, no direct connection is established with the servers of such social networks.

V. Are my Data transferred to Third Parties?

We will transfer your personal data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or, if applicable, legal provisions authorize the transfer or if you give your explicit consent.

VI. Are my Data transferred outside the EU?

When using our Website and Service your data may be transferred to countries outside the EU because of the use of third party providers.

Use of Services on the Website that process data outside the EU

When visiting the Website data may be transferred to countries outside the EU whereas the services by Google as well as the “Links to Social Networks” Facebook, Youtube, Twitter and LinkedIn are affected. The US companies providing the services of Facebook, Google/Youtube, Twitter and LinkedIn are certified under EU-US-Privacy-Shield and comply with data protection standards applicable in the EU. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

Use of Greenhouse Software that processes data outside the EU

Via using the services of Greenhouse Software your submitted data might be transferred outside the European Union (EU) and a sufficient data protection level due to German/European law may not be guaranteed.

Further Third Party Providers that process data outside the EU

Data is transferred outside the EU due to the integration of cloud and hosting services who work on our behalf and assist us in carrying out our business activities (legal basis Art. 6 (1) b. or f. GDPR) or you explicit consent (legal basis Art. 6 (1) a. GDPR).

We use the service by Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109, USA for the purpose of hosting your data provided through the Website or Service, whereas data might be processed in the USA. AWS is certified according to EU-US-Privacy-Shield and complies with data protection standards applicable in the EU. For further information please refer to https://aws.amazon.com/compliance/eu-data-protection/ and https://aws.amazon.com/compliance/germany-data-protection/

For sending emails and newsletters we use the services by Mailchimp.

For more information please refer to privacy@lilium.com

VII. Your Rights: Right to access, rectification and erasure; right to restriction of processing, right to withdraw, right to data portability, right to lodge a complaint
Right to Access

Every user has the right to be informed at any time and free of charge about the personal data stored about him/her. For further information, the user can contact privacy@lilium.com.

This right of access includes confirmation as to whether or not personal data is processed on the data subject and, if so, the detailed information about such processing.

The right to information does not exist if the data are only stored because they may not be deleted due to legal or statutory storage regulations, or only serve the purpose of data protection or data protection control and the provision of information would require a disproportionate effort and processing for other purposes is excluded by appropriate technical and organisational measures.

Right to withdraw consent

Every user has the right to withdraw his or her consent regarding the use, processing or transmission of his/her data at any time with effect for the future when such data processing is based in your consent. For this purpose the user can contact privacy@lilium.com.

In the event of withdrawing the consent, we will no longer process and immediately delete the stored data of the user. This does not apply if we can prove compelling grounds for processing that are worthy of protection and which outweigh the interests, rights and freedoms of the respective user or in case the processing serves to assert, exercise or defend legal claims. For example, we will continue to use data if it is still necessary for the implementation of the contractual relationship.

Correction and completion of data

The user or data subject has the right to demand that we immediately correct any incorrect personal data concerning him/her. Taking into account the purposes of processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration. For this purpose, you can contact privacy@lilium.com at any time.

Erasure (“right to be forgotten”)

The user has the right to have us delete any personal data concerning him/her that we store. For this purpose the user can contact privacy@lilium.com.

Immediate deletion shall be effected in the following cases:

  • Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • The data subject revokes his or her consent on which the processing was based and there is no other legal basis for processing;
  • The data subject objects to the processing operation and there are no overriding legitimate reasons for the processing operation;
  • The personal data was processed illegally;
  • Deletion of personal data is necessary to fulfil a legal obligation under the law of the European Union or the law of the Member States to which the data controller is subject;

The personal data have been collected in relation to information society services directly from a child under the age of sixteen, or rather without consent of the parental responsibility.

In the event of termination of the user relationship, the user's data will be regularly deleted from the internal database. Data shall be excluded from deletion if, for example, processing of data is necessary for asserting, exercising or defending legal claims; e.g., performance of the contract with us or if there are legal retention periods that prevent deletion.

In the case of non-automated data processing, deletion is also not necessary if this would not be possible due to the special type of storage or would only be possible at disproportionately high expense and the interest of the Employee in the deletion is to be regarded as minimal. The deletion is then replaced by the restriction of processing.

Furthermore, we carry out a restriction of the processing and no deletion of the data, as long as and insofar as we have the reason to assume that a deletion would impair your interests worthy of protection or those of the person affected. In so doing, we will inform you or the affected person of the restriction on processing, provided that such information does not prove to be impossible or would require a disproportionate effort.

Restriction of processing

You also have the right to demand that the processing be restricted. For this purpose you can contact privacy@lilium.com.

You can only successfully enforce the right to restrict processing if one of the following prerequisites is met: (ii) processing is unlawful and the data subject refuses to allow the deletion of the personal data and instead requires a restriction on the use of the personal data; (iii) the data controller no longer needs the personal data for the purpose of processing, but the data subject needs it for the purpose of asserting, exercising or defending legal claims; or (iv) the data subject has lodged an objection to the processing until it has been established whether the legitimate grounds of the data controller outweigh those of the data subject.

In the event that you have obtained a restriction on processing, we will inform you accordingly before the restriction is lifted.

In certain cases, the processing may also be restricted instead of the data being deleted. See also, in particular, the previous point “Deletion (“right to be forgotten”)” [add link].

Right to data portability

You have the right to receive any personal data you have provided to us in a structured, current and machine-readable format. For this purpose you can contact privacy@lilium.com.

You also have the right to data portability vis-à-vis another controller, provided that the processing is based on a consent or on a contract to which the data subject is a party and that the processing is carried out by means of automated procedures.

When exercising your right to data portability, you have the right to obtain the personal data to be transmitted directly by one person in charge to another person in charge, as far as this is technically feasible. This right shall not apply where the rights and freedoms of other persons are adversely affected or where processing is necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the person responsible.

Right to lodge a complaint

Each user has a right to lodge a complaint vis-á-vis a supervisory authority of his/her choice.

An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Duration of the storage of personal data; deletion periods

As a rule, we only store your personal data for as long as it is necessary for the execution of the contract or the respective purpose and limit the storage period to an absolutely necessary minimum.

In the case of long-term contractual relationships, such as the use of our Offer, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to the inventory data, to the maximum legal retention periods (e.g. in accordance with the German Commercial Code (Handelsgesetzbuch, HGB) and the Tax Code (Abgabenordnung, AO)).

Criteria for the storage period include whether the data are still up-to-date, whether the contractual relationship with us still exists, whether an inquiry has already been processed, whether a process has been completed or not, and whether legal retention periods for the personal data concerned are relevant or not.

VIII. Data Security; Access and Changes to this Privacy Policy; Contact Details
Data Security

We have installed technical and organizational measures in order to safeguard our Website and/or Service against loss, destruction, access, changes or the distribution of your data by unauthorized persons.

The Website is operated through a safe SSL-connection. If an SSL-connection is activated third parties are prevented from reading any data that are transferred by you to us.

We will store your data on servers, which are located within the European Union and, as applicable and set forth in this privacy policy, in the USA.

Access and Changes to this Privacy Policy

This privacy policy is accessible via our Website as well as the Service more/privacy and may be downloaded and printed anytime.

We reserve the right to change the regulations of this privacy policy at any time, taking into account currently applicable data protection provisions. In case of any changes, you will be notified and you will have to agree to the modified provisions.

Contact Details

For any inquiries and additional questions about processing personal data please contact privacy@lilium.com

Further details may be found here: https://lilium.com/imprint/

We have appointed a data protection officer who may be reached via privacy@lilium.com.