DLR takes the protection of personal data very seriously. We want you to know when we store data, which types of data are stored and how it is used. As an incorporated entity under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDPA). This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected. We have taken technical and organisational measures to ensure our compliance and the compliance of external service providers with the data protection regulation.
This website uses SSL – that is, TLS encryption – in order to protect the transfer of personal data and other confidential information (for example, orders or enquiries sent to the controller).
We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.
The controller in the meaning of the General Data Protection Regulation, other national data protection laws in the Member States and related data protection regulations is:
Deutsches Zentrum fuer Luft- und Raumfahrt e. V. (DLR)
Linder Hoehe
51147 Cologne
Telephone: +49 2203 601-0
Email: datenschutz@dlr.de
WWW: https://www.dlr.de
The controller’s appointed data protection officer is:
Uwe Gorschütz, Deutsches Zentrum fuer Luft- und Raumfahrt e. V., Linder Hoehe, 51147 Cologne
Email: datenschutz@dlr.de
Among others, we use the following terms in this Privacy Policy, set out in the General Data Protection Regulation and the Federal Data Protection Act:
1. Personal data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter: ‘data subject’). An identifiable natural person is one who can be identified – directly or indirectly – in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
3. Processing
Processing is any operation or set of operations performed on personal data or on sets of personal data – whether or not by automated means – such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
4. Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
5. Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
6. Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
7. Controller or data processing controller
Controller or data processing controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
8. Processor
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
9. Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
10. Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
11.Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
1. Scope of processing of personal data
We process personal data concerning our users exclusively to the extent required to provide a functioning website, as well as our content and services. Ordinarily, we will only process the personal data of our users after obtaining their consent. An exception to this rule is where obtaining prior consent is factually impossible and the processing of the data is permitted by law.
2. Legal grounds for the processing of personal data
Where we obtain consent from the data subject for the processing of personal data, the legal grounds are set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
Where personal data is processed for the performance of a contract in which the data subject is a contractual partner, the legal grounds are set out in Art. 6, paragraph 1, part (b) of the GDPR. This also applies to processing that is necessary for pre-contractual measures.
Where personal data is processed for compliance with a legal obligation to which our research centre is subject, the legal grounds are set out in Art. 6, paragraph 1, part (c) of the GDPR.
Where processing of personal data is necessary for the protection of vital interests of the data subject or another natural person, the legal grounds are set out in Art. 6, paragraph 1, part (d) of the GDPR.
Where processing is necessary for the legitimate interests of our research centre or a third party, and where the fundamental rights and freedoms of the data subject do not override the first interests, the legal grounds are set out in Art. 6, paragraph 1, part (f) of the GDPR.
3. Data deletion and duration of data storage
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, storage takes place if authorised by Union or Member State directives, laws or other regulations to which the controller is subject. Blocking or deletion of the data shall also take place when a storage period stipulated by one of the above standards comes to an end, except where it is necessary to continue storing the data to enter into or perform a contract.
4. Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time with effect for the future. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
1. Server log files
The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
This data is not merged with other data sources.
This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.
The collection of data for the provision of our website and the storage of data in log files is crucial to operation of the website. Hence, users are not granted a right to object.
2. Contact
Request by e-mail, telephone, or fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.
These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be revoked at any time.
The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
a) Description and scope of data processing
Our website uses cookies. Cookies are text files placed on the user’s computer system by a browser and stored there.
Numerous websites and servers use cookies. Many cookies contain what is referred to as a cookie ID. A cookie ID is a unique cookie identifier. It consists of a sequence of characters with which Internet pages and servers can be assigned to the Internet browser in which the cookie was stored. This enables visited Internet pages and servers to distinguish the data subject’s individual browser from other Internet browsers containing different cookies. The unique cookie ID is used to recognise and identify a particular Internet browser.
The use of cookies allows DLR to provide visitors to this website more user-friendly services than would be possible without cookies.
We use technically necessary cookies to improve our website’s user friendliness. Some elements on our website make it necessary to recognise the accessing browser when moving from page to page. Cookies can be used to optimise the information and services on our website in the interests of our users. As stated above, cookies allow us to recognise visitors to our website. The purpose of this recognition is to facilitate use of our website by visitors. For instance, visitors to a website that uses cookies do not need to enter login details during each visit, as this information is obtained by the website from the cookie placed on the user’s computer system.
In addition, our website uses cookies to analyse Internet usage by visitors.
The following data can be transferred in this way:
Technical measures are implemented to pseudonymise the data collected from users in this way. It is therefore not possible to associate the data with the accessing user. The data is not stored together with other personal data concerning the user.
An information banner referring users to the use of cookies for analysis purposes is shown when they access our website, and reference to this Privacy Notice is provided. Users are also informed of how to adjust their browser settings in order to prevent the storage of cookies.
Users are informed of our use of cookies for analysis purposes when accessing our website, and their consent to the processing of personal data used in this context is obtained. A reference to this Privacy Notice is provided as well.
The web analysis section contains a detailed description of data processing in connection with the web analysis tools that we use.
b) Legal basis for data processing
i. The legal grounds for the processing of personal data using technically necessary cookies are set out in Art. 6, paragraph 1, part (f) of the EU General Data Protection Regulation (GDPR).
ii. The legal grounds for the processing of personal data using cookies for analysis purposes with consent of the user are set out in Art. 6, paragraph 1, part (a) of the GDPR.
c) Purpose of data processing
Technically necessary cookies are used to make our website user friendly. Some functions on our website cannot be provided without the use of cookies, as they require that the browser is recognised when moving from page to page.
The user data collected with technically necessary cookies is not used to produce user profiles.
On the use of cookies that are not necessary for technical reasons:
Analysis cookies are used to improve the quality of our website and its contents. Through the use of analysis cookies, we find out how the website is used and are therefore able to optimise our service continuously. A more precise description is contained in the web analysis section of this document.
These purposes represent our legitimate interest in processing personal data according to Art. 6, paragraph 1, part (f) of the GDPR.
e) Duration of storage; right to objection and removal
The data subject can adjust the settings of the Internet browser at any time to prevent our website from placing cookies as described, and therefore block cookies on a permanent basis. In addition, the browser or other software programs can be used to delete cookies that have already been placed at any time. This is possible with all standard Internet browsers. The data subject may not be able to use the full functionality of our website if cookies are disabled in the active Internet browser.
You can change the settings of your Internet browser to disable or restrict the transfer of cookies at any time. Cookies that have already been placed on your computer can be deleted at any time. This can take place automatically. Disabling cookies may prevent you from using the full functionality of our website.
a) Description and scope of data processing
Visitors to our website have the option of subscribing to a free newsletter. The data entered in the input screen while registering for the newsletter is transmitted to us.
The form requests the subscriber’s name and email address:
The following data are also collected during registration and stored in the database:
Your consent to the processing of data is obtained during the registration process, and you are referred to this Privacy Notice.
No data is transferred to third parties in connection with data processing for delivery of the newsletter. The data is used exclusively to deliver the newsletter.
b) Legal basis for data processing
The newsletter is delivered based on registration by the user on our website. The legal basis for processing of the data after registration for the newsletter is, upon receipt of consent by the user, set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
c) Purpose of data processing
The user’s email address is collected in order to deliver the newsletter.
d) Duration of storage
The data is deleted as soon as it is no longer needed for the purpose for which it was collected. Therefore, the user’s email address and first and family names will be stored for as long as the newsletter subscription remains active.
e) Right to objection and removal
The data subject can unsubscribe to the newsletter at any time. Each newsletter includes a suitable link.
a) Description and scope of data processing
Our website includes a contact form that can be used to make contact with us by electronic means. Where a data subject uses this option, the data entered in the input screen will be transferred to us and stored. This applies to the following data:
The following data is stored additionally when sending a message:
Your consent for data processing will be obtained, and you will be referred to this Privacy Notice during the sending process.
Alternatively, it is possible to contact us using the email address provided. The personal data of the user transferred with the email will be stored in this case.
The data is not transferred to third parties in this context. The data is used exclusively for processing the correspondence.
b) Legal basis for data processing
The legal basis for processing of the data in the event that consent has been received from the user is set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
The legal basis for processing of the data sent to us by email is set out in Art. 6, paragraph 1, part (f) of the GDPR. Where email contact is established with the intention of entering into a contract, additional legal bases for the processing are set out in Art. 6, paragraph 1, part (b) of the GDPR.
c) Purpose of data processing
We use the personal data you provide in the contact form exclusively to process your enquiry. In the case of contact by email, this represents our necessary, legitimate interest in data processing.
Any other personal data that is processed when you send us the contact form is used to prevent abuse of the contact form and to protect the security of our Information Technology systems.
d) Duration of storage
The data is deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data entered in the input screen of the contact form and personal data sent to us by email, this is the case when correspondence with the user has come to an end. A conversation has come to an end when the circumstances indicate that the relevant matter has been dealt with definitively.
Any additional personal data collected during the sending process will be deleted after a maximum of seven days.
e) Right to objection and removal
The user is entitled to revoke their consent to the processing of personal data at any time. The user may object to the processing of personal data at any time by contacting datenschutz@dlr.de. Correspondence will be discontinued in these cases.
All personal data stored in connection with contacting us will be deleted in this case.
a) Scope of processing of personal data
The controller has integrated components supplied by the company etracker on this website. Etracker is a web analytics service. Web analytics describes the collection and evaluation of data concerning the Internet usage of website visitors. Among others, a web analytics service collects data on the website from which a data subject accessed another website (the referrer), which sub-pages of the website were accessed, how long the data subject remained on a sub-page, and how frequently the sub-pages were visited.
b) Legal basis for the processing of personal data
Data processing takes place based on the legal grounds set out in Art. 6, paragraph 1, part (f) (legitimate interest) of the EU General Data Protection Regulation (GDPR). Our legitimate interest is to optimise our online presence and website.
c) Purpose of data processing
Web analysis is primarily used to optimise a website.
The operating company of etracker is etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany. The data generated with etracker is exclusively processed and stored in Germany on behalf of the provider of this website and is therefore subject to the strict data protection laws and standards applicable in Germany and Europe. In this regard, etracker has been independently audited, certified and awarded the ePrivacyseal data protection mark of quality. See: https://www.eprivacy.eu/en/customers/awarded-seals/company/etracker-gmbh/.
The privacy of our visitors is particularly important to us, which is why the IP address is anonymised in etracker as early as possible and login or device codes are converted into a unique key that cannot be associated with a particular person. Any other uses, association with other data or transfer to third parties do not take place with etracker.
Etracker places a cookie on the information technology system of the data subject. Cookies have already been explained in the section about cookies. With each visit to one of the individual pages on this website that are operated by the controller and on which an etracker component has been installed, the Internet browser on the Information Technology system of the data subject will be automatically prompted by the respective etracker component to transfer data for the purposes of promotion or optimisation. Within the framework of this technical procedure, etracker obtains knowledge of data that is then used to produce pseudonymised usage profiles. The usage profiles acquired in this way are used to analyse the Internet usage of the data subject that accessed the controller’s website. This information is analysed to improve and optimise the website. The data collected by the etracker component is not used to identify the data subject without their separate and explicit consent. This data is not associated with personal data or other data containing the same pseudonym.
d) Duration of storage
The data is deleted as soon as it is no longer needed for our recording purposes.
e) Right to objection and removal
The data subject can adjust the settings of the Internet browser at any time to prevent the DLR website from placing cookies as described in the section about cookies and therefore to block cookies on a permanent basis. Adjusting the Internet browser in this way would also prevent etracker from placing a cookie on the Information Technology system of the data subject. Moreover, the browser or other software programs can be used to delete cookies that have already been placed by etracker at any time.
The data subject also has the option to object to, and therefore prevent, logging of the data relating to use of the website that is generated by the etracker cookie. The data subject agrees to or refuses the use of etracker cookies when visiting the website for the first time (opt-in solution).
For more information about the etracker privacy policy, visit https://www.etracker.com/en/data-privacy/.
The controller has integrated components of YouTube on this website. YouTube is an Internet video portal that enables video publishers to upload video clips free of charge and that permits other users to view, rate and comment on these videos, also free of charge. YouTube allows the dissemination of all kinds of videos, so that full movies and TV programmes, as well as music videos, trailers and videos produced by users, are accessible on the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
With each visit to one of the individual pages of this Website that are operated by the controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the Information Technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component.
The embedding code for YouTube videos was generated in advanced data privacy mode (for more detailed information in this regard, visit https://support.google.com/youtube/answer/171780).
Further information about YouTube is available at https://www.youtube.com/intl/en/yt/about/. During the course of this technical procedure, YouTube and Google acquire knowledge of the specific sub-page of our website that was visited by the data subject.
If the data subject is simultaneously logged into YouTube, YouTube recognises – with each visit to a sub-page that contains a YouTube video – which specific sub-page of our website the data subject visited. This information is collected by YouTube and Google and associated with the YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website if the data subject is simultaneously logged into YouTube when visiting our website; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of information to YouTube and Google is not desirable for the data subject, then he or she can prevent this by logging off from their YouTube account before visiting our website.
YouTube’s privacy policy, which is available at https://policies.google.com/privacy, provides information on the collection, processing and use of personal data by YouTube and Google.
The data subject has granted consent for this form of data processing by confirming the use of cookies upon first access of the DLR website. The legal basis for processing of the data after consent by the user is set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
We present videos on our website using services such as those provided by Vimeo. Vimeo is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011, USA.
We use Vimeo plugins on some of our webpages. When you visit a page that contains such plugins – for example, our Media Library – a connection is established with the Vimeo servers and the plugin is shown. This provides the Vimeo server with information about the pages you have visited on our website. If you are logged onto Vimeo as a member, then Vimeo will automatically associate this information with your personal user account. When you activate the plugin (for example, by clicking the start button of a video), the corresponding information is also associated with to your user account. You can prevent the automatic association of this information by logging out of your Vimeo account and deleting its cookies before logging onto our website.
For more information about data processing and Vimeo’s privacy policies, visit https://vimeo.com/privacy
The data subject has granted consent for this form of data processing by confirming the use of cookies upon first access of the DLR website. The legal grounds for processing of the data after consent by the user are set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller in accordance with the provisions set out below: