Information about Data Protection

DLR takes the protection of personal data very seriously. We want you to know when we store data, which types of data are stored and how it is used. As an incorporated entity under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDPA). This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected. We have taken technical and organisational measures to ensure our compliance and the compliance of external service providers with the data protection regulation.

This website uses SSL – that is, TLS encryption – in order to protect the transfer of personal data and other confidential information (for example, orders or enquiries sent to the controller).

We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.

Name and address of the controller

The controller in the meaning of the General Data Protection Regulation, other national data protection laws in the Member States and related data protection regulations is:

Deutsches Zentrum fuer Luft- und Raumfahrt e. V. (DLR)
Linder Hoehe
51147 Cologne

Telephone: +49 2203 601-0
Email: datenschutz@dlr.de
WWW: https://www.dlr.de

Name and address of the data protection officer

The controller’s appointed data protection officer is:

Uwe Gorschütz, Deutsches Zentrum fuer Luft- und Raumfahrt e. V., Linder Hoehe, 51147 Cologne
Email: datenschutz@dlr.de

Definition of terms

Among others, we use the following terms in this Privacy Policy, set out in the General Data Protection Regulation and the Federal Data Protection Act:

1. Personal data

Personal data refers to any information relating to an identified or identifiable natural person (hereinafter: ‘data subject’). An identifiable natural person is one who can be identified – directly or indirectly – in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

3. Processing

Processing is any operation or set of operations performed on personal data or on sets of personal data – whether or not by automated means – such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7. Controller or data processing controller

Controller or data processing controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8. Processor

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

9. Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

10. Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11.Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

General information on data processing

1. Scope of processing of personal data

We process personal data concerning our users exclusively to the extent required to provide a functioning website, as well as our content and services. Ordinarily, we will only process the personal data of our users after obtaining their consent. An exception to this rule is where obtaining prior consent is factually impossible and the processing of the data is permitted by law.

2. Legal grounds for the processing of personal data

Where we obtain consent from the data subject for the processing of personal data, the legal grounds are set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).

Where personal data is processed for the performance of a contract in which the data subject is a contractual partner, the legal grounds are set out in Art. 6, paragraph 1, part (b) of the GDPR. This also applies to processing that is necessary for pre-contractual measures.

Where personal data is processed for compliance with a legal obligation to which our research centre is subject, the legal grounds are set out in Art. 6, paragraph 1, part (c) of the GDPR.

Where processing of personal data is necessary for the protection of vital interests of the data subject or another natural person, the legal grounds are set out in Art. 6, paragraph 1, part (d) of the GDPR.

Where processing is necessary for the legitimate interests of our research centre or a third party, and where the fundamental rights and freedoms of the data subject do not override the first interests, the legal grounds are set out in Art. 6, paragraph 1, part (f) of the GDPR.

3. Data deletion and duration of data storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, storage takes place if authorised by Union or Member State directives, laws or other regulations to which the controller is subject. Blocking or deletion of the data shall also take place when a storage period stipulated by one of the above standards comes to an end, except where it is necessary to continue storing the data to enter into or perform a contract.

4. Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time with effect for the future. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Processing operations

1. Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

The collection of data for the provision of our website and the storage of data in log files is crucial to operation of the website. Hence, users are not granted a right to object.

2. Contact

Request by e-mail, telephone, or fax

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be revoked at any time.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller in accordance with the provisions set out below:

  1. in accordance with Art. 15 GDPR, you can request information about the personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your personal data has been or will be disclosed, the planned storage period and the existence of the rights explained in this section 4 and 6.
  2. in accordance with Art. 16 GDPR, you can request the immediate correction of incorrect or incomplete personal data stored by us.
  3. in accordance with Art. 17 GDPR, you may request the deletion of your personal data stored by us, unless the processing is necessary for reasons specified by law, in particular to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exercise or even potential defence of legal claims.
  4. in accordance with Art. 18 GDPR, you may request the restriction of the processing of your personal data if you dispute its accuracy, if the processing is unlawful but you refuse to delete it and we no longer need the personal data, but you need it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing in accordance with Art. 21 GDPR.
  5. in accordance with Art. 20 GDPR, you may receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller
  6. in accordance with Art. 7 para. 3 GDPR, you can revoke any consent you have given us under data protection law at any time. As a result, we may no longer continue the data processing that was based on this consent in the future.
  7. Right to object pursuant to Art. 21 GDPR
    If personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation, unless the processing is necessary for the performance of a task carried out in the public interest, Art. 21 para. 6 of the GDPR.
  8. In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, the supervisory authority of your usual place of residence or workplace or the registered office of the controller is available for this purpose.
PTo exercise these rights, please contact the office specified in Section I. or II.