Privacy

Data protection declaration

I. Name and address of the controller
II. Name and address of the data protection officer
III. General remarks on data processing
IV. Provision of the website and production of log files
V. Use of cookies
VI. Registration
VII. Contact form
VIII. Web analysis by Matomo (formerly PIWIK)
IX. Use of YouTube
X. Use of Twitter
XI. Rights of the data subject
 

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and the German Federal Data Protection Act as well as other data protection provisions, is:

German Aerospace Center
Deutsches Zentrum für Luft- und Raumfahrt e. V. (DLR)
Linder Höhe
51147 Cologne
Tel.: +49 2203 601 0
Fax: +49 2203 67310
Email: contact-dlr@dlr.de
www.dlr.de

DLR's Executive Board, consisting of Prof. Dr. Pascale Ehrenfreund (Chair of the Executive Board), Klaus Hamacher (Vice Chairman of the Executive Board), Prof. Rolf Henke, Prof. Dr. rer. nat. Hansjörg Dittus, Prof. Dr.-Ing. Karsten Lemmer and Dr.-Ing. Walther Pelzer is empowered to act as DLR's representative. The Executive Board can also authorise DLR employees to act on behalf of DLR. The head of DLR's legal department, Linder Hoehe, 51147 Cologne, can provide information about the extent of this authorisation.
 

II. Name and address of the data protection officer

The DLR‘s data protection officer is:
Uwe Gorschütz
datenschutz@dlr.de
 

III. General remarks on data processing

We process personal data concerning our users exclusively to the extent required to provide a functioning website, as well as content and services. In principle, we will only process the personal data of our users after obtaining their consent. Cases in which prior consent is factually impossible and the processing of user data is permitted by law constitute an exception to this rule.

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage ceases to apply. The data may be stored beyond this time if this is provided for by the European or national legislator in Union directives, laws or other regulations to which the controller is subject. The data will also be blocked or deleted on expiry of a storage period as specified in the named standards, unless the continued storage of the data is necessary for the conclusion or fulfilment of a contract.

In this Privacy Notice you will find explanations on how your personal data is processed on our websites regarding the:

a)             Scope of personal data processing
b)             Legal basis for processing personal data
c)             Purpose of data processing and storage
d)             Duration of data storage
e)             Right of objection and removal (opt-out option)
 

IV. Provision of the website and production of log files

a) Description and scope of data processing
This website automatically collects information transmitted by your browser and saves it in so called server log files. The following information is collected each time you visit our website:

(1)           Information about browser type and version
(2)           user’s operating system
(3)           user´s IP address
(4)           Date and time of access
(5)           Referrer website(s)
(6)           Websites the user accesses from our website

This information will not be stored in combination with any of the user’s personal data.

b) Legal basis for data processing
The legal basis for the temporary storage of data and log files is point (f) of Art. 6 (1) of the GDPR.

c) Purpose of data processing
Data storage in log files is carried out to ensure the proper functioning of the website. In addition, the data helps us optimise the website and ensure the safety and security of our IT systems. The data is not analysed for marketing purposes in this context.
These purposes justify our legitimate interests in data processing pursuant to point (f) Art. 6 (1) of the GDPR.
 
d) Duration of storage
Your data will be deleted as soon as the purpose of its collection ceases to apply. Data stored in log files will be deleted after seven days at the latest. A longer storage period is possible. In this case, the users' IP addresses are deleted or alienated, so that an assignment of the calling client is no longer possible.

e) Right to objection and removal (opt-out option)
The collection of data its storage in log files is essential to operate this website. There is consequently no scope to object on the part of the user (no opt-out option).
 

V. Use of cookies

a) Description and scope of data processing
Our website uses session cookies. Cookies are text files placed on the user’s computer system by a browser and stored there. Each time a user visits a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic string that allows identifying the browser the next time the user visits this website.
We only use cookies to make our website more user-friendly. Some elements of our website require identifying the accessing browser after a change of web pages.

b) Legal basis for data processing
The legal basis for the processing of personal data using cookies is point (f) of Art. 6 (1) of the GDPR.

c) Purpose of data processing
Technically necessary cookies are used to simplify the use of websites for its visitors. Some of the functions on our website cannot be offered without the use of cookies. For this purpose, the browser has to be identifiable after a change of pages.
User data collected through technically necessary cookies are not used to create user profiles.
This is the purpose of our legitimate interest in processing personal data pursuant to point (f) Art. 6 (1) of the GDPR.

d) Duration of storage; right to objection and removal (opt-out option)
Cookies are stored on the user's computer and transmitted to our website. As a user you have full control over the usage of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. Depending on your browser settings, this can happen automatically. If cookies are deactivated for our website you may not be able to use all of the functions provided by the website.


VI. Registration

a) Description and scope of the data processing
We offer users the opportunity to register on our website by providing some personal data. The data is entered into an input screen and then transmitted to and stored by us. Your data will not be passed on to third parties, excluding co-organizers of the respective event. The following data can be collected during the registration process: Name, Surname, Organization, Country, E-mail.

Additional data may also be stored at the time of the registration, e.g. date and time of the registration, experiences in the current job, food allergies for the planning of the catering. During the registration procedure we will ask for the consent to process your data.

b) Legal basis for data processing
If the user has declared his / her consent, point (a) of Art. 6 (1) of the GDPR is the legal basis for processing their data.

c) Purpose of processing
The registration does not serve the conclusion of a contract with the user. User registration is required to provide certain contents and services on our website, e.g. presentations from past events, documents to support NCPs in their daily work.

d) Duration of storage
Your data will be deleted as soon as the purpose of its collection ceases to apply. The registration does not serve the conclusion of a contract with the user. This is the case for data collected during the registration process if the registration on our website is cancelled or amended.

e) Right to objection and removal (opt-out option)
As a user, you can cancel your registration at any time. You can also change the date, which are stored about you, at any time.

f) Forum subscription
If your application for an account on this website is granted you will automatically be subscribed to the network forum on this website and you will receive an email notification upon new entries in the forum. At any time you will have the option to unsubscribe from this notification under the settings in your profile. Your email address will not be passed on to third parties and only be visible to the forum administrators.


VII. Contact form

a) Description and scope of the data processing
Our website includes a contact form, which can be used to make contact with us by electronic means. If a user realizes this option, the data entered in the inputs screen is transmitted to us and stored in a ticketing system. This applies to the following data: Name, Surname, E-mail.
The following data is stored additionally when sending a message: Date and time of the request.
Your consent for data processing will be obtained, and you will be referred to this Privacy Notice during the sending process. The data is not transferred to third parties in this context, partners within the Project Health NCP Net 2.0 excluded. The data is used exclusively for processing the correspondence.

b) Legal basis for data processing
The legal basis for processing of the data in the event that consent has been received from the user is set out in point (a) of Art. 6 (1) of the GDPR.

c) Purpose of the data processing
We use the personal data you provide in the input screen to process your enquiry. In order to improve our products and services we analyse your inquiries at irregular intervals, even after they have been settled, for anonymous improvement reports.

d) Duration of storage
The data will be deleted as soon as it is no longer needed to achieve the purpose of its collection. This is the case after two years at the latest.

e) Right to objection and removal (opt-out option)
The user is entitled to revoke their consent to the processing of personal data at any time. The user may object to the processing of personal data at any time by contacting us by email. Correspondence will be discontinued in these cases. All personal data stored in connection with contacting us will be deleted in this case.
 

VIII. Web analysis by Matomo (formerly PIWIK)

a) Scope of the processing of personal data
We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the browsing behaviour of our users. The software places a cookie on the user’s computer (see above for more details of cookies). The following data will be saved if individual pages are visited on our website:

(1)                     Two bytes of the IP address of the user’s accessing system
(2)                     The accessed website
(3)                     The website from which the user reached the accessed website (referrer)
(4)                     The sub-pages accessed from the website
(5)                     How long the user remained on the website
(6)                     How often the website was accessed

The software hereby runs exclusively on the servers for our website. The user’s personal data is only stored there. This data will not be forwarded to third parties.

b) Legal basis for the processing of personal data
The legal basis for processing the user’s personal data is point (f) of Art. 6 (1) of the GDPR.

c) Purpose of data processing
Processing the user’s personal data allows us to analyse the browsing behaviour of our users. We are able to compile information about how individual components of our website are used by analysing the collected data. This helps us to constantly improve our website and its user-friendliness. Profiling does not take place. These purposes justify our legitimate interests in processing data pursuant to point (f) Art. 6 (1) of the GDPR. The anonymisation of the IP address takes due account of the user’s interest in the protection of their personal data.

d) Duration of storage
The software has been configured so that the IP addresses are not stored completely. Two bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, the shortened IP address can no longer be assigned to the accessing computer.

e) Right to objection and removal (opt-out option)
Cookies are stored on the user’s computer and then sent to our page from this. This is why you also have full control over the use of cookies as a user. You can deactivate or restrict the transfer of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can take place automatically. If cookies for our website are deactivated you may not be able to use all of the functions provided by the website.
We offer users of our website an opt-out option for the analysis procedure. The corresponding link has to be followed for his purpose. As a result, a further cookie will be placed on your system that tells our system not to save the user’s data. If the user temporarily deletes the corresponding cookie from their own system, they have to reset the opt-out cookie.
Click the following link for more information about the privacy settings for the Matomo software: https://matomo.org/docs/privacy/.

IX. Use of YouTube

The controller has integrated components of YouTube on this website. YouTube is an Internet video portal that enables video publishers to upload video clips free of charge and that permits other users to view, rate and comment on these videos, also free of charge. YouTube allows the dissemination of all kinds of videos, so that full movies and TV programmes, as well as music videos, trailers and videos produced by users, are accessible on the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
With each visit to one of the individual pages of this Website that are operated by the controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the Information Technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component.
The embedding code for YouTube videos was generated in advanced data privacy mode (for more detailed information in this regard, visit https://support.google.com/youtube/answer/171780).
Further information about YouTube is available at https://www.youtube.com/intl/en/yt/about/. During the course of this technical procedure, YouTube and Google acquire knowledge of the specific sub-page of our website that was visited by the data subject.
If the data subject is simultaneously logged into YouTube, YouTube recognises – with each visit to a sub-page that contains a YouTube video – which specific sub-page of our website the data subject visited. This information is collected by YouTube and Google and associated with the YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website if the data subject is simultaneously logged into YouTube when visiting our website; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of information to YouTube and Google is not desirable for the data subject, then he or she can prevent this by logging off from their YouTube account before visiting our website.
YouTube’s privacy policy, which is available at https://policies.google.com/privacy, provides information on the collection, processing and use of personal data by YouTube and Google.
The data subject has granted consent for this form of data processing by confirming the use of cookies upon first access of the DLR website. The legal basis for processing of the data after consent by the user is set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
 

X. Use of Twitter

The controler has integrated Twitter components on this website. The Twitter plug-ins (tweet button) are identified by the Twitter logo (blue bird) on our website. For an overview of tweet buttons, click here: https://about.twitter.com/resources/buttons.
Twitter is a multilingual, publicly accessible microblogging service on which users can publish and disseminate so-called tweets, which are short messages of no more than 280 characters. These short messages are accessible to everyone, so also to persons not registered with Twitter. The tweets are also shown to the user’s Twitter ‘followers’. Followers are other Twitter users that have subscribed to the tweets by a certain user. In addition, Twitter enables the addition of hashtags, links or retweets to address a broad audience.
The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
When you visit a page on our website containing this kind of plug-in, a direct connection is established between your browser and the Twitter server. Twitter therefore receives information that you visited our page with your IP address. If you click on the Twitter ‘tweet button’ while logged into your Twitter account, you can link the content of our page to your Twitter profile. Twitter is therefore able to associate your Twitter account with your visit to our pages. We would like to point out that, as the provider of the pages, we are not aware of the content of the data transmitted or how Twitter uses it.
Please log out of your Twitter user account if you do not want Twitter to associate your visit to our website with your account.
With each visit to one of the individual pages on this website that are operated by the controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the information technology system of the data subject will be automatically prompted by the respective Twitter component to download a displayable Twitter component from Twitter. For further information on the Twitter buttons, visit https://publish.twitter.com/. In the course of this technical procedure, Twitter becomes aware of which sub-page of the website the data subject has visited. The purpose of integrating the Twitter component is to enable our users to disseminate the content of the web page, to publicise the web page in the digital world and to increase our visitor numbers.
Where the data subject is simultaneously logged onto Twitter, Twitter will recognise (for the duration of the visit to our website) each individual sub-page that the data subject visits while accessing our website. This information is collected by the Twitter component and associated with the Twitter account of the data subject. Where the data subject clicks on one of the twitter buttons integrated on our website, the data and information transmitted in this way will be associated with the Twitter user account of the data subject and will be stored and processed by Twitter.
The Twitter component will also inform Twitter if the data subject has visited our website, while simultaneously logged into their Twitter account; this takes place regardless of whether or not the data subject clicks on the Twitter component. If such a transmission of information to Twitter is not desirable for the data subject, then he or she can prevent this by logging off from their Twitter account before visiting our website.
The applicable Twitter privacy policies can be accessed at: https://twitter.com/privacy.
The data subject has granted consent for this form of data processing by confirming the use of cookies upon first access of the DLR website. The legal grounds for processing of the data after consent by the user are set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
 

XI. Rights of the data subject

If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following with respect to the controller:

a) Right of information
You have the right to obtain from the controller confirmation of whether or not personal data concerning you is processed by us. If this is the case, you can demand the following information from the controller:

(1)the purposes of the processing of the personal data;
(2)the categories of personal that is processed;
(3)the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the planned duration of storage of the personal data concerning you, or the criteria applied to defining the duration of storage if precise information in this regard is not available;
(5)the existence of the right to request from the controller rectification or erasure of personal data, restriction of processing of personal data concerning the data subject or to object to such processing;
(6)the right to lodge a complaint with a supervisory authority;
(7)any available information of their source. If the personal data is not collected from the data subject;
(8)the existence of an automated decision-making process, including profiling, according to Art. 22 paragraphs 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic and implications involved, as well as on the intended effects of this kind of processing on the data subject.

You also have the right to obtain information on whether the personal data concerning you has or will be transferred to a third country or to an international organisation. In this regard, you are entitled to request information on the appropriate guarantees in place with regard to this processing in accordance with Art. 46 of the GDPR.

b) Right to correction
You have the right to rectification and/or completion by the controller if the processed personal data relating to you is incorrect or incomplete. The controller must carry out the rectification immediately.

c) Right to limit processing
Under the following conditions, you can demand the restriction of the processing of your personal data:

(1)if you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
(2)the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3)the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims, or
(4)you have objected to processing pursuant to Article 21 (1) of the GDPR pending the verification whether the legitimate grounds of the controller override yours.

Where processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the processing is restricted in accordance with the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

d) Right to delete
i) Obligation to delete
You can demand from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(1)the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2)you withdraw your consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Article 9 (2) of the GDPR, and where there is no other legal basis for the processing;
(3)you object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) of the GDPR;
(4)the personal data concerning you have been unlawfully processed;
(5)the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

ii) Information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art 17 (1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

iii) Exceptions
The right to erasure does not exist if processing is necessary

(1)for exercising the right of freedom of expression and information;
(2)for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3)for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) as well as Article 9 (3) of the GDPR;
(4)for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of the GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5)for the establishment, exercise or defence of legal claims.

e) Right to notification
Where you have exercised the right to correction, deletion or restriction of processing with the data controller, the data controller shall be obliged to notify all recipients to whom the personal data concerning you was disclosed of this correction or deletion of data or of the restriction of processing, except where compliance proves to be impossible or is associated with a disproportionate effort.
In addition, you are entitled to require that the data controller inform you about these recipients.

f) Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to transfer that data to another controller without hindrance from the controller to which the personal data have been provided, where:

(1)the processing is based on consent pursuant to point (a) of Article 6 (1) of the GDPR or point (a) of Article 9 (2) of the GDPR or on a contract pursuant to point (b) of Article 6 (1) of the GDPR; and
(2)the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of other persons. The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g) Right to object
You have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on parts (e) or (f) of Art. 6, paragraph 1 of the GDPR; this includes profiling based on those provisions.
The controller shall no longer process the personal data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

h) Right to withdraw consent pursuant to Art. 7, paragraph 3 of the GDPR
You have the right to withdraw your consent to the processing of data at any time, with future effect. In the event that you withdraw consent, we will delete the data concerned immediately, except where processing can be based on legal grounds that do not require consent. The withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal of consent.

i) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.