Privacy Notice External 

Information letter for external parties in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR)

The following information is intended to provide you with a clear overview of processing of your personal data and your associated rights. Which data is processed in detail and how it is used depends largely on the services requested or agreed upon. Therefore, not all statements contained here may apply to you.

In addition, this data protection information may be updated from time to time. You can find the current version at any time on this page. This version from November 05, 2025 currently applies.

I. Identity and contact details of the controller

Eurofighter Jagdflugzeug GmbH
Am Söldnermoos 17
85399 Hallbergmoos

Phone: +49 811 80-0
Email: [email protected]

(here after "we", "us" or "our")

II. Contact details of the data protection officer

c/o activeMind.legal Rechtsanwaltsgesellschaft mbH
Potsdamer Straße 3
80802 Munich

Phone: +49 89 919294-900
E-mail: [email protected]

III. Purposes and legal basis of data processing

1. To fulfil contractual obligations (Art. 6 (1)(b) GDPR)

The processing is necessary for the performance of a contract with you. If you inquire about an offer, data processing will take place at your request and is necessary to carry out pre-contractual measures (e.g. organising and holding meetings).

We use selected functions of Webex (a cloud-based audio/video conferencing solution made available by Cisco Systems, Inc. through Deutsche Telekom GmbH) to organise and hold meetings with external parties. For this purpose the following personal data is used:

  • Name, surname;

  • Email address;

  • Audio/video/presentation material;

  • Phone number;

  • IP address.

2. Due to legal requirements (Art. 6 (1)(c) GDPR)

We are subject to various legal obligations that entail data processing. These include, for example:

  • Tax laws and legal accounting.

  • Requests and requirements from regulatory or law enforcement authorities.

  • Fulfilment of tax control and reporting obligations.

In addition, the disclosure of personal data may be necessary as part of official/judicial measures for the purposes of gathering evidence, criminal prosecution or enforcing civil law claims.

3. As part of the balancing of interests (Art. 6 (1)(f) GDPR)

If necessary, we process your data beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Examples of such cases are:

  • Assertion of legal claims and defence in legal disputes;

  • Storage of additional contact persons in the customer relationship management system for communication;

  • Sending advertising emails (e.g. invitations to events, Christmas greetings, etc.), unless processing has been objected to, in the interest of direct advertising.

4. Data processing within the context of events (Art. 6 Para. 1 Letter f GDPR)

We hold events regularly. For this purpose, we process your personal data to organise, execute and enable you to participate in our event. Further information: https://www.eurofighter.com/privacy-notice-for-events.

IV. Legitimate interests pursued

V. Storage period

We process and store your personal data for as long as this is necessary to fulfil our contractual and legal obligations. If the data is no longer required to fulfil contractual or legal obligations, it will be deleted regularly.

Exceptions arise,

  • to the extent that statutory retention obligations must be met, e.g. Commercial Code (Handelsgesetztbuch (HGB)) and Tax Code (Abgabenordnung (AO)), are required. The storage and documentation periods specified there are usually six to ten years;

  • to preserve evidence within the framework of the statutory statute of limitations. According to Sections 195 ff of the Civil Code (Bürgerliches Gesetzbuch (BGB)), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The exceptions mentioned apply here. If you have given your consent, we will store your data until revoked.

VI. Recipients or categories of recipients of the data

  • Inside our company: Employees for contact with you and contractual cooperation (including the fulfilment of pre-contractual measures)

  • Within the framework of order processing: Your data will only be passed on to service providers (processors) if it is necessary to fulfil our contractual tasks. Recipients of personal data can be, for example:

    o   Support or maintenance of IT infrastructure or applications;
    o   Service providers in the context of events;
    o   Accounting;
    o   Data destruction;
    o   Media service providers (e.g. photographer, cameraman, journalists, etc.);
    o   Communication service – Webex.

    All service providers are contractually bound and are particularly obliged to treat your data confidentially.

  • Other third parties: Data will only be passed on to recipients outside of our company in compliance with the applicable data protection regulations. Recipients of personal data can be, for example:

    o   Public bodies and institutions (e.g. financial or law enforcement authorities);
    o   Credit and financial service providers (processing payment transactions);
    o   Tax consultant or business and wage tax and company auditor (statutory audit mandate).

VII. Third country transfer

Your data will only be processed within the European Union and states within the European Economic Area (EEA).

VIII. Information on the rights of data subjects

1. Right of Access (Art. 15 GDPR)

You have the right to request confirmation from the controller as to whether personal data concerning you is being processed. Where this is the case, you are entitled to access the personal data as well as information about its processing.

2. Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data concerning you without undue delay. Where necessary, you may also request the completion of incomplete personal data.

3. Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data where one of the grounds specified in Art. 17 GDPR applies.

4. Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g., if you have objected to the processing, for the duration of the controller’s review.

5. Right to Object (Art. 21 GDPR)

The data subject has the right, on grounds relating to their particular situation, to object at any time to the processing of their personal data by contacting the controller via [email protected] or [email protected]. The controller shall then no longer process the data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or the processing is required for the establishment, exercise, or defence of legal claims (Art. 21 GDPR).

6. Right to Lodge a Complaint (Art. 77 GDPR in conjunction with §19 BDSG (Bundesdatenschutzgesetz/Federal Data Protection Law))

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR. You may submit the complaint to the supervisory authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.

A list of supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.