DLR takes the protection of personal data very seriously. We want you to know when we store which data and how we use it. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. As a registered association under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR) and the Gernab Federal Data Protrction Act (BDSG) as well as the German Telemedia Act (TMG). We have taken technical and organizational measures to ensure that the regulations on data protection are observed both by us and by external service providers.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses an SSL-encrypted connection. TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Name and address of the person responsible
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:
German Aerospace Center (DLR) Linder height 51147 Cologne
Uwe Gorschütz, German Aerospace Center, Linder Höhe, 51147 Cologne E-Mail: datenschutz@dlr.de
III Definitions
In accordance with the General Data Protection Regulation and the Federal Data Protection Act, we use the following terms, among others, in this Privacy Policy:
Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Person concerned
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Receiver
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States are not considered recipients.
Third
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
General information on data processing
Scope of the processing of personal data
We only process our users’ personal data to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our research center is subject, Art. 6 para. 1 lit. c GDPR as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our research center or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR as the legal basis for processing.
Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Hosting
external hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster processes your data only to the extent necessary to fulfill its service obligations and follows our instructions in this regard.
We use the following hoster:
IONOS SE Elgendorfer Str. 57 56410 Montabaur
Conclusion of a contract for order processing
In order to guarantee data protection-compliant processing, we have concluded an order processing contract with the hoster.
Provision of the website and creation of log files
a) Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
Information about the browser type and version used
The user’s operating system
The user’s internet service provider
The IP address of the user
Date and time of access
Websites from which the user’s system accesses our website
Websites that are accessed by the user’s system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
b) Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.
c) Purpose of the data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.
The DLR website collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website can be recorded, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.
When using these general data and information, DLR does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) ensure the content of our website, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. Therefore, DLR analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our research center, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
The anonymous data of the server log files are stored separately from all personal data provided by a data subject. 1 lit. f DSGVO.
d) Duration of storage
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case no later than 3 months after the end of the project. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.
e) Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
VII Use of cookies
Our website uses so-called “cookies”. Cookies are small text files and do not cause any damage to your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.
Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 lit. a GDPR. 1 lit. f GDPR, unless another legal basis is specified. DLR has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the cookies in question are stored exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time. The user data collected by technically necessary cookies is not used to create user profiles.
You can set your browser so that you are informed about the setting of cookies and Allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy policy and, if necessary, request your consent.
VIII Registration on this website
You can register on this website in order to use additional functions on the site. We only use the data entered for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.
In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.
The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 para. 1 lit. b GDPR).
The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.
The other personal data processed during the registration process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
d) Duration of storage
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input mask of the registration form, this is the case when the event and the associated organization have been completed for 3 months.
e) Possibility of objection and removal
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail at datenschutz@dlr.de they can object to the storage of their personal data at any time. In such a case, participation in the event cannot take place.
All personal data stored in the course of registration will be deleted in this case.
E-mail contact
If you contact us by e-mail, telephone or fax, your request, including all resulting information, will be We store and process the personal data (name, inquiry) provided by you for the purpose of processing your request. We do not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Newsletter
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. Further data is not collected or is only collected on a voluntary basis.
Legal basis The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
Storage duration The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose no longer applies. We reserve the right to delete e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to delete or block it.
After you unsubscribe from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider may be stored in a blacklist to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
eCommerce and payment providers
a) Processing of data (customer and contract data)
We collect, process and use personal data only insofar as it is necessary for the establishment, exercise or defense of legal claims,
are required to determine the content or change the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only insofar as this is necessary to enable or charge the user for the use of the service. The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
b) Data transmission upon conclusion of a contract for services and digital content
We only transfer personal data to third parties if this is necessary in the context of the processing of the contract, for example to the credit institution commissioned to process the payment. Further transmission of the data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
c) Payment services
We integrate third-party payment services on our website. When you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. Der Einsatz der Zahlungsdienstleister erfolgt auf Grundlage von Art. 6 Abs. 1 lit. b GDPR (contract processing) and in the interest of making the payment process as smooth, comfortable and secure as possible (Art. 6 Para. 1 lit. F GDPR). If your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR legal basis for data processing; Consent can be revoked at any time in the future.
We use the following payment services/payment service providers on this website:
PayPal The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full. Details can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
XII. Rights of the data subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights towards the person responsible:
a) Right to information
You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.
If such processing occurs, you can request information from the person responsible about the following information:
– the purposes for which the personal data are processed;
– the categories of personal data that are processed;
– the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
– the planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period;
– the existence of a right to rectification or deletion of personal data concerning you, a right to restrict processing by the controller or a right to object to this processing;
– the existence of a right to lodge a complaint with a supervisory authority;
– all available information about the origin of the data if the personal data are not collected from the data subject;
– the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.
– You also have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request information about the appropriate guarantees in accordance with. Art. 46 GDPR to be informed in connection with the transfer.
– The controller provides a copy of the personal data that is the subject of processing. For any additional copies you request, the person responsible may charge a reasonable fee based on administrative costs. If you submit the application electronically, the information must be provided in a common electronic format unless you specify otherwise. The right to receive a copy under paragraph 3 shall not prejudice the rights and freedoms of other persons.
b) Right to rectification
As the data subject, you have the right to immediately request that the person responsible correct incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed, including by means of a supplementary statement.
c) Right to restriction of processing
You can request the restriction of the processing of personal data concerning you under the following conditions:
– if you contest the accuracy of the personal data relating to you for a period enabling the controller to verify the accuracy of the personal data;
– the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;
– the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
– if you object to the processing in accordance with Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.
d) Right to deletion
Obligation to delete
You can request that the person responsible delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:
– The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
– You revoke your consent to which the processing is based in accordance with. Art. 6 Abs. 1 lit. a oder Art. 9 Abs. 2 lit. a GDPR and there is no other legal basis for the processing.
– You lay according to. Art. 21 para. 1 GDPR, you object to the processing and there are no overriding legitimate reasons for the processing, or you submit an objection in accordance with. Art. 21 para. 2 GDPR object to the processing.
– Your personal data has been processed unlawfully.
– The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
– The personal data concerning you were collected in relation to information society services offered in accordance with Article 8 para. 1 GDPR collected.
Information to third parties
Has the person responsible made the personal data concerning you public and is he in accordance with. Art. 17 Abs. 1 GDPR is obliged to delete them, he will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you, as the data subject, request their deletion all links to this personal data or copies or replications of this personal data.
Exceptions
There is no right to deletion if processing is necessary
– to exercise the right to freedom of expression and information;
– in order to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or in order to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
– for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 DSGVO;
– for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with. Art. 89 para. 1 GDPR, insofar as the law mentioned under section a) is likely to make the achievement of the objectives of this processing impossible or seriously impair it, or
– to assert, exercise or defend legal claims.
e) Right to information
If you have asserted the right to rectification, deletion or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing, unless: this turns out to be impossible or involves disproportionate effort.
You have the right to be informed about these recipients by the person responsible.
f) Right to data portability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that
– the processing is based on consent in accordance with. Art. 6 Abs. 1 lit. a DSGVO oder Art. 9 Abs. 2 lit. a GDPR or on one
– Contract according to Art. 6 Abs. 1 lit. b GDPR is based and
– the processing takes place using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other people must not be impaired by this.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g) Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Art. 6 para. 1 lit. e or f DSGVO to lodge an objection; This also applies to profiling based on these provisions.
The person responsible will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
In connection with the use of information society services – regardless of Directive 2002/58/EC – you have the opportunity to exercise your right to object using automated procedures that use technical specifications.
You, as the data subject, have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes Artikel 89 Paragraph 1 applies, unless the processing is necessary to fulfill a task in the public interest.
If you would like to exercise your right of revocation or objection, simply send an email to datenschutz@dlr.de
h) Right to revoke consent given in accordance with Article 7 para. 3 GDPR
You have the right to revoke your consent to the processing of data at any time with future effect. In the event of revocation, we will delete the data concerned immediately unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.
i)Automated decision-making in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
This does not apply if the decision
– is necessary for the conclusion or fulfillment of a contract between you and the person responsible,
– is permitted by Union or Member State law to which the controller is subject and such law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
– takes place with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.
With regard to the cases mentioned in (1) and (3), the controller shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express one’s own point of view and heard to challenge the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you is contrary to violates the GDPR.
The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.
