Privacy Policy

Information on data protection

The German Aerospace Centre (Deutsches Zentrum für Luft- und Raumfahrt e.V. – DLR) takes the protection of your personal data very seriously. In accordance with the EU General Data Protection Regulation (GDPR), which came into force on 25 May 2018, this data protection notice informs you about the processing of your personal data by DLR and the rights to which you are entitled. This information will be updated as necessary and made available to you. We have taken technical and organisational measures to ensure that the data protection regulations are observed both by us and by external service providers.

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the character string „https://“ and the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:
German Aerospace Centre (DLR) 
Linder Höhe 
51147 Cologne
Phone: +49 2203 601-0 
E-mail: datenschutz@dlr.de 
WWW: https://www.dlr.de

II. Name and address of the data protection officer

You can reach the data protection officer of the controller at
German Aerospace Centre, Linder Höhe, 51147 Cologne 
E-mail: datenschutz@dlr.de

III. Definitions of terms

In accordance with the General Data Protection Regulation and the Federal Data Protection Act, we use the following terms, among others, in this privacy policy:

1. Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter „data subject“). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller.

3. Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

5. Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7. Controller or controller responsible for the processing
The controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8. Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

10. Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the personal data.

11. Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

IV. General information on data processing

1. Scope of the processing of personal data
We only process our users‘ personal data to the extent necessary to provide a functional website and our content and services. The processing of our users‘ personal data only takes place regularly with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data
If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and additionally on the basis of § 25 para. 1 TDDDG. Consent can be revoked at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR. Furthermore, we process your data if it is necessary for the fulfilment of a legal obligation on the basis of Art. 6 para. 1 sentence 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

3. Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of the processing no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

4. Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can withdraw your consent at any time with effect for the future. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

V. Processing operations

1. Provision of the website and external hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Our hoster(s) will only process your data to the extent that this is necessary for the fulfilment of its
fulfil its performance obligations and follow our instructions with regard to this data.

We use the following hoster:

Christian Rapp
Fadheiderstr. 55
47877 Willich

Order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

2. Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
The type and version of browser used
The used operating system
Referrer URL
The hostname of the accessing computer
The time of the server inquiry
The IP address

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.
The collection of data for the provision of our website and the storage of data in log files is crucial to operation of the website. Hence, users are not granted a right to object.

3. Contact

If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent. 

The processing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6(1)(f) GDPR) or on your agreement (Art. 6(1)(a) GDPR) if this has been requested; the consent can be revoked at any time.

The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g., after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions, in particular retention periods.

Request by e-mail, telephone, or fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be revoked at any time.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

VI. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller in accordance with the provisions set out below:

1. in accordance with Art. 15 GDPR, you can request information about the personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your personal data has been or will be disclosed, the planned storage period and the existence of the rights explained in this section 4 and 6.

2. in accordance with Art. 16 GDPR, you can request the immediate correction of incorrect or incomplete personal data stored by us.

3. in accordance with Art. 17 GDPR, you may request the deletion of your personal data stored by us, unless the processing is necessary for reasons specified by law, in particular to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exercise or even potential defence of legal claims.

4. in accordance with Art. 18 GDPR, you may request the restriction of the processing of your personal data if you dispute its accuracy, if the processing is unlawful but you refuse to delete it and we no longer need the personal data, but you need it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing in accordance with Art. 21 GDPR.

5. in accordance with Art. 20 GDPR, you may receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller

6. in accordance with Art. 7 para. 3 GDPR, you can revoke any consent you have given us under data protection law at any time. As a result, we may no longer continue the data processing that was based on this consent in the future.

7. Right to object pursuant to Art. 21 GDPR
If personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation, unless the processing is necessary for the performance of a task carried out in the public interest, Art. 21 para. 6 of the GDPR.

8. In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, the supervisory authority of your usual place of residence or workplace or the registered office of the controller is available for this purpose.
To exercise these rights, please contact the office specified in Section I. or II.