A clear photo of the affected passengers holding their ID next to their face
Jul 9, 19, 3:49 pm
#91
Join Date: Apr 2008
Location: Gdynia, Poland
Posts: 603
What I don't understand is, why LH refuses to accept other methods of verification. My wife submitted EU261 claim due to cancelled flight. They accepted the claim but asked for the photo, which is reason of this discussion. As my wife is in Germany at the moment, we offered that she would visit one of LH's offices there in order to let them verify her identity. Such method seems to be much more reliable than verification on basis of photo and, what's equally important, doesn't give any reasons to be afraid of identity theft. Unfortunately, they refused because they have to act according to the new policy. I don't see any logic in it.
Last edited by tropikey; Jul 9, 19 at 10:43 pm
Jul 10, 19, 4:59 am
#92
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Sapphire (BA), *A Gold (A3), Le Club Accor Gold, HHonor Diamond
Posts: 5,059
I sent the following email as a reply to both Customer Relations and to the following e-mail:
Group Data Protection Officer for the Lufthansa Group
Dr. Barbara Kirchberg-Lennartz
E-Mail: [email protected]
Group Data Protection Officer for the Lufthansa Group
Dr. Barbara Kirchberg-Lennartz
E-Mail: [email protected]
Sir/Madam and Dr. Barbara Kirchberg-Lennartz,
Your request to provide a picture of my face while holding my ID has several issues:
- There is no explanation of the lawful basis used for such a request (Article 6.1 of GDPR)
- There are no information about where this personal data will be stored, for how long and no explanation about my rights to correct, access or delete it and more , as detailed in Article 13 of the GDPR
- There was no provision in the Terms and Conditions of the booking made with Lufthansa that I should provide such information in case of financial claim following EC261 regulations.
- I consider this request disproportionate compared to the goal, as it is a possible source for identity theft.
Following those, I refuse to provide this information without further detailed explanation. I consider this should not block or slow my request for compensation as outlined in case Feedback ID XYZ. I will provide the booking confirmation and boarding pass separately using the feedback form.
Best regards,
Your request to provide a picture of my face while holding my ID has several issues:
- There is no explanation of the lawful basis used for such a request (Article 6.1 of GDPR)
- There are no information about where this personal data will be stored, for how long and no explanation about my rights to correct, access or delete it and more , as detailed in Article 13 of the GDPR
- There was no provision in the Terms and Conditions of the booking made with Lufthansa that I should provide such information in case of financial claim following EC261 regulations.
- I consider this request disproportionate compared to the goal, as it is a possible source for identity theft.
Following those, I refuse to provide this information without further detailed explanation. I consider this should not block or slow my request for compensation as outlined in case Feedback ID XYZ. I will provide the booking confirmation and boarding pass separately using the feedback form.
Best regards,
Jul 10, 19, 2:15 pm
#93
Join Date: Sep 2013
Posts: 2,164
Originally Posted by tropikey
What I don't understand is, why LH refuses to accept other methods of verification. My wife submitted EU261 claim due to cancelled flight. They accepted the claim but asked for the photo, which is reason of this discussion. As my wife is in Germany at the moment, we offered that she would visit one of LH's offices there in order to let them verify her identity. Such method seems to be much more reliable than verification on basis of photo and, what's equally important, doesn't give any reasons to be afraid of identity theft. Unfortunately, they refused because they have to act according to the new policy. I don't see any logic in it.
I have yet to experience the request myself but I won't be happy when/if it happens to me.
Jul 11, 19, 2:13 am
#94
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Sapphire (BA), *A Gold (A3), Le Club Accor Gold, HHonor Diamond
Posts: 5,059
Originally Posted by fransknorge
I sent the following email as a reply to both Customer Relations and to the following e-mail:
Group Data Protection Officer for the Lufthansa Group
Dr. Barbara Kirchberg-Lennartz
E-Mail: [email protected]
Group Data Protection Officer for the Lufthansa Group
Dr. Barbara Kirchberg-Lennartz
E-Mail: [email protected]
thank you for your e-mail. We have forwarded your e-mail to the Customer Relations department and you will receive an answer from there.
Kind regards
Deutsche Lufthansa AG
Group Data Protection
Kind regards
Deutsche Lufthansa AG
Group Data Protection
Jul 11, 19, 9:31 am
#95
Original Poster
Join Date: Aug 2005
Programs: UA*G(1K), PC Diamond Amb, Marriott Titanium, Accor Platinum
Posts: 4,644
Originally Posted by fransknorge
I am not sure whether it is purely technical to have all conversations in their CRM software and the DPO will properly answer from CR or if she basically is saying "I do not care". I give them a month to answer and process the EC261 request. If not then I will contact the Rheinland Pfalz DPO.
HTB.
Jul 13, 19, 12:45 pm
#96
Join Date: Mar 2018
Posts: 142
Originally Posted by htb
Is this standard procedure or is someone attempting to make me jump through loops? I find it is highly unusual that anything but a copy of my ID (if at all) would be necessary to initiate the re-imbursement.
HTB.
HTB.
However, you can usually get around it by explaining why it's not necessary for compliance before telling them to do one if you have any cojones.
Jul 13, 19, 6:18 pm
#97
Original Poster
Join Date: Aug 2005
Programs: UA*G(1K), PC Diamond Amb, Marriott Titanium, Accor Platinum
Posts: 4,644
Originally Posted by mhrb
This is very common in certain industries in Europe and has been for about 2-3 years now. It's not illegal in any way.
Originally Posted by mhrb
However, you can usually get around it by explaining why it's not necessary for compliance before telling them to do one if you have any cojones.
HTB.
Jul 14, 19, 3:18 am
#98
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Sapphire (BA), *A Gold (A3), Le Club Accor Gold, HHonor Diamond
Posts: 5,059
Originally Posted by mhrb
This is very common in certain industries in Europe and has been for about 2-3 years now. It's not illegal in any way.
However, you can usually get around it by explaining why it's not necessary for compliance before telling them to do one if you have any cojones.
However, you can usually get around it by explaining why it's not necessary for compliance before telling them to do one if you have any cojones.
Jul 14, 19, 5:27 am
#99
Join Date: Mar 2018
Posts: 142
Originally Posted by fransknorge
Which industries and where ? The postID thing in Germany is different as it actually is secure (somewhat).
Originally Posted by htb
I don't understand what you are trying to say here.
Jul 14, 19, 9:45 am
#100
Original Poster
Join Date: Aug 2005
Programs: UA*G(1K), PC Diamond Amb, Marriott Titanium, Accor Platinum
Posts: 4,644
Originally Posted by mhrb
Any business dealing with Politically Exposed Persons or money laundering. In multiple EU countries in my experience. Usually they do employ an official provider who is more likely to keep things secure.
Originally Posted by mhrb
It's trivial to avoid if you have any spine.
HTB.
Jul 14, 19, 9:56 am
#101
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Sapphire (BA), *A Gold (A3), Le Club Accor Gold, HHonor Diamond
Posts: 5,059
You involve regulatory authorities. This is my intent if LH does not give me a satisfactory answer on how this conforms to GDPR within a sensible time frame.
Jul 14, 19, 10:27 am
#102
Join Date: Mar 2018
Posts: 142
Originally Posted by htb
So completely unusual for a customer service department of an airline Thank you for confirming.
However, many many business work with money laundering regs and probably just as many have to be aware of when their clients are PEPs. I wouldn't necessarily exclude airlines based upon what I've said.
Originally Posted by htb
No need to become personal. So how would you do this? The difference here is that the customer service department has absolutely no interest in doing business with customers who want money back.
HTB.
HTB.
You asked me for a paraphrasing so I simply gave one. There was nothing personal nor was it directed at anyone and especially not you.
I already explained how to do it in my other post.
(Why do you think that's different from any other situation where you're asked for verification like this?)
Jul 14, 19, 10:31 am
#103
Join Date: Mar 2018
Posts: 142
Originally Posted by fransknorge
You involve regulatory authorities. This is my intent if LH does not give me a satisfactory answer on how this conforms to GDPR within a sensible time frame.
Jul 14, 19, 12:42 pm
#104
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Sapphire (BA), *A Gold (A3), Le Club Accor Gold, HHonor Diamond
Posts: 5,059
Really, could you please post the ICO conclusions pertaining to Lufthansa asking this for a reimbursement or paiement of compensation in an automatic email without any link to the DPO or information about goals, storage, etc .... ?
