Information about Data Protection
DLR takes the protection of personal data very seriously. We want you to know when we store data, which types of data are stored and how it is used. As an incorporated entity under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG). This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected. We have taken technical and organisational measures to ensure our compliance and the compliance of external service providers with the data protection regulation.
This website uses SSL – that is, TLS encryption – in order to protect the transfer of personal data and other confidential information (for example, orders or enquiries sent to the controller).
We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.
Name and address of the controller
The controller in the meaning of the General Data Protection Regulation, other national data protection laws in the Member States and related data protection regulations is:
Deutsches Zentrum fuer Luft- und Raumfahrt e. V. (DLR)
Linder Hoehe
51147 Cologne
Telephone: +49 2203 601-0
Email: datenschutz@dlr.de
WWW: https://www.dlr.de
Name and address of the data protection officer
The controller’s appointed data protection officer is:
Uwe Gorschütz, Deutsches Zentrum fuer Luft- und Raumfahrt e. V., Linder Hoehe, 51147 Cologne
Email: datenschutz@dlr.de
Definition of terms
Among others, we use the following terms in this Privacy Policy, set out in the General Data Protection Regulation and the Federal Data Protection Act:
1. Personal data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter: ‘data subject’). An identifiable natural person is one who can be identified – directly or indirectly – in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
3. Processing
Processing is any operation or set of operations performed on personal data or on sets of personal data – whether or not by automated means – such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
4. Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
5. Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
6. Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
7. Controller or data processing controller
Controller or data processing controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
8. Processor
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
9. Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
10. Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
11.Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
General information on data processing
1. Scope of processing of personal data
We process personal data concerning our users exclusively to the extent required to provide a functioning website, as well as our content and services. Ordinarily, we will only process the personal data of our users after obtaining their consent. An exception to this rule is where obtaining prior consent is factually impossible and the processing of the data is permitted by law.
2. Legal grounds for the processing of personal data
Where we obtain consent from the data subject for the processing of personal data, the legal grounds are set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
Where personal data is processed for the performance of a contract in which the data subject is a contractual partner, the legal grounds are set out in Art. 6, paragraph 1, part (b) of the GDPR. This also applies to processing that is necessary for pre-contractual measures.
Where personal data is processed for compliance with a legal obligation to which our research centre is subject, the legal grounds are set out in Art. 6, paragraph 1, part (c) of the GDPR.
Where processing of personal data is necessary for the protection of vital interests of the data subject or another natural person, the legal grounds are set out in Art. 6, paragraph 1, part (d) of the GDPR.
Where processing is necessary for the legitimate interests of our research centre or a third party, and where the fundamental rights and freedoms of the data subject do not override the first interests, the legal grounds are set out in Art. 6, paragraph 1, part (f) of the GDPR.
3. Data deletion and duration of data storage
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, storage takes place if authorised by Union or Member State directives, laws or other regulations to which the controller is subject. Blocking or deletion of the data shall also take place when a storage period stipulated by one of the above standards comes to an end, except where it is necessary to continue storing the data to enter into or perform a contract.
4. Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time with effect for the future. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Hosting and content delivery networks (CDN)
1. External hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster processes your data only to the extent necessary to fulfill its service obligations and follows our instructions in this regard.
We use the following hoster:
all-inkl.com
Hauptstraße 68, 02742 Friedersdorf, Fon 49 35872 35310
2. conclusion of a contract for order processing
In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.
Processing operations
1. Server log files
The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
- The type and version of browser used
- The used operating system
- Referrer URL
- The hostname of the accessing computer
- The time of the server inquiry
- The IP address
This data is not merged with other data sources.
This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.
The collection of data for the provision of our website and the storage of data in log files is crucial to operation of the website. Hence, users are not granted a right to object.
2. Contact
Request by e-mail, telephone, or fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.
These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be revoked at any time.
The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Contact form and email contact
a) Description and scope of data processing
Our website includes a contact form that can be used to make contact with us by electronic means. Where a data subject uses this option, the data entered in the input screen will be transferred to us and stored. This applies to the following data:
- First name
- Family name
- Email address
The following data is stored additionally when sending a message:
- IP address of the user
- Date and time of registration
Your consent for data processing will be obtained, and you will be referred to this Privacy Notice during the sending process.
Alternatively, it is possible to contact us using the email address provided. The personal data of the user transferred with the email will be stored in this case.
The data is not transferred to third parties in this context. The data is used exclusively for processing the correspondence.
b) Legal basis for data processing
The legal basis for processing of the data in the event that consent has been received from the user is set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
The legal basis for processing of the data sent to us by email is set out in Art. 6, paragraph 1, part (f) of the GDPR. Where email contact is established with the intention of entering into a contract, additional legal bases for the processing are set out in Art. 6, paragraph 1, part (b) of the GDPR.
c) Purpose of data processing
We use the personal data you provide in the contact form exclusively to process your enquiry. In the case of contact by email, this represents our necessary, legitimate interest in data processing.
Any other personal data that is processed when you send us the contact form is used to prevent abuse of the contact form and to protect the security of our Information Technology systems.
d) Duration of storage
The data is deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data entered in the input screen of the contact form and personal data sent to us by email, this is the case when correspondence with the user has come to an end. A conversation has come to an end when the circumstances indicate that the relevant matter has been dealt with definitively.
Any additional personal data collected during the sending process will be deleted after a maximum of seven days.
e) Right to objection and removal
The user is entitled to revoke their consent to the processing of personal data at any time. The user may object to the processing of personal data at any time by contacting datenschutz@dlr.de. Correspondence will be discontinued in these cases.
All personal data stored in connection with contacting us will be deleted in this case.
Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller in accordance with the provisions set out below:
- in accordance with Art. 15 GDPR, you can request information about the personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your personal data has been or will be disclosed, the planned storage period and the existence of the rights explained in this section 4 and 6.
- in accordance with Art. 16 GDPR, you can request the immediate correction of incorrect or incomplete personal data stored by us.
- in accordance with Art. 17 GDPR, you may request the deletion of your personal data stored by us, unless the processing is necessary for reasons specified by law, in particular to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exercise or even potential defence of legal claims.
- in accordance with Art. 18 GDPR, you may request the restriction of the processing of your personal data if you dispute its accuracy, if the processing is unlawful but you refuse to delete it and we no longer need the personal data, but you need it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing in accordance with Art. 21 GDPR.
- in accordance with Art. 20 GDPR, you may receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller
- in accordance with Art. 7 para. 3 GDPR, you can revoke any consent you have given us under data protection law at any time. As a result, we may no longer continue the data processing that was based on this consent in the future.
- Right to object pursuant to Art. 21 GDPR
If personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation, unless the processing is necessary for the performance of a task carried out in the public interest, Art. 21 para. 6 of the GDPR. - In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, the supervisory authority of your usual place of residence or workplace or the registered office of the controller is available for this purpose.