DLR takes the protection of personal data very seriously. We want you to know when we store which data and how we use it. This
privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. As a registered association under German civil law, we are subject to the provisions of the EU General Data ProtectionRegulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telecommunications
Telemedia Data Protection Act (TTDSG). We have taken technical and organisational measures to ensure that the data protection regulations are observed both by us and by external service providers.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the character string “https://” and the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

1. name and address of the person responsible

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

German Aerospace Centre (DLR)
Linder Height
51147 Cologne

Phone: +49 2203 601-0
E-mail: datenschutz@dlr.de
WWW: https://www.dlr.de

2. name and address of the data protection officer

The data protection officer of the controller is

Uwe Gorschütz
German Aerospace Centre, Linder Höhe, 51147 Cologne
datenschutz@dlr.de

3. definitions

In accordance with the General Data Protection Regulation and the Federal Data Protection Act, we use the following terms, among others, in this Privacy Policy:

1. personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. person concerned

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

3. processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

5. profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7. controller or person responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8. processors

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

10. third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11. consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. general information on data processing

1. scope of the processing of personal data

We only process our users’ personal data to the extent necessary to provide a functional website and our content and services. The processing of our users’ personal data only takes place regularly with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. legal basis for the processing of personal data

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and additionally on the basis of § 25 para. 1 TDDDG. Consent can be revoked at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR. Furthermore, we process your data if it is
necessary for the fulfilment of a legal obligation on the basis of Art. 6 para. 1 sentence 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.

3. data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the processing no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

4. revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time with effect for the future. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

5. individual processing operations

5.1 Provision of this website and external hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing
existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Our hoster(s) will only process your data to the extent that this is necessary for the fulfilment of its
fulfil its performance obligations and follow our instructions with regard to this data.

We use the following hoster:

Host Europe GmbH
Hansestrasse 111
51149 Cologne

5.1.2 Order processing

We have concluded an order processing contract (AVV) with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

5.1.3 Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – the server log files must be recorded for this purpose.

5.2 Newsletter

We use Rapidmail to send newsletters. The provider is

Positive Group Germany GmbH
Wentzingerstrasse 21
79106 Freiburg
Germany

5.2.1 Stored data

The main data name and e-mail address are requested in the form. In addition, the following data is stored by the newsletter provider:

  • Registration date
  • Company
  • IP address of the registration
  • IP address of the activation
5.2.2 Legal basis

The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

5.2.3 Storage period

The data stored by us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

5.2.4 Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

5.3 Event registration

If you would like to register for one of our events, we need your first name, surname, e-mail address and details of your first and, if applicable, second citizenship. No further data is collected, or only on a voluntary basis. We use the newsletter service provider Rapidmail to process the registration.

rapidmail GmbH
Wentzingerstraße 21
79106 Freiburg im Breisgau
Germany

5.2.1 Stored data

The main data name and e-mail address are requested in the form. In addition, the following data is stored by the newsletter provider:

  • Registration date
  • Company
  • First nationality
  • Second nationality
  • IP address of the registration
  • IP address of the activation
5.3.2 Legal basis

The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

5.3.3 Storage period

The data you provide us with for the purpose of registration will be stored by us or the newsletter service provider until you unsubscribe from the mailing list and will be deleted from the newsletter mailing list after you unsubscribe from the event newsletter. Data stored by us for other purposes remains unaffected by this.

After you unsubscribe from the distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

5.3.4 Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

5.4 Contact

5.4.1 Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR, provided that your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

5.5 Cookies

Our Internet pages use so-called “cookies”. Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy policy and, if necessary, request your consent.

5.6 Cookies used on this website

5.6.1 Multilingual system (Polylang)1

Polylang is a multilingual system for WordPress websites. The cookies save the user’s language and can redirect the user to the version of the website that corresponds to the language of the user’s browser.

5.6.2 Consent with

devowl.io GmbH (Real Cookie Banner Pro)
https://devowl.io/

5.7 Contact form and e-mail contact

5.7.1 Description and scope of data processing

There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are

  • First name
  • Surname
  • Company/Organisation
  • E-mail address

The following data is also stored at the time the message is sent:

  • The IP address of the user
  • Date and time of registration

Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.

5.7.2 Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

5.7.3 Purpose of data processing

The processing of the personal data from the input mask serves us solely to process the contact. If you contact us by email, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

5.7.4 Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5.7.5 Possibility of objection and removal

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email at datenschutz@dlr.de, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

5.8 Vimeo without tracking (Do-Not-Track)

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. However, we have configured Vimeo so that Vimeo does not track your user activities and does not set any cookies.

The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here:
https://vimeo.com/privacy.

Further information on the handling of user data can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy.

5.9 SoundCloud

Plugins from the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, United Kingdom) may be integrated on this website. You can recognise the SoundCloud plugins by the SoundCloud logo on the relevant pages.

When you visit this website, a direct connection is established between your browser and the SoundCloud server once the plugin has been activated. SoundCloud then receives the information that you have visited this website with your IP address. If you click on the “Like button” or “Share button” while you are logged into your SoundCloud user account, you can link and/or share the content of this website with your SoundCloud profile. This allows SoundCloud to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by SoundCloud.

The data is stored and analysed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The UK is considered a safe third country under data protection law. This means that Great Britain has a level of data protection that corresponds to the level of data protection in the European Union.

Further information on this can be found in SoundCloud’s privacy policy at: https://soundcloud.com/pages/privacy.

If you do not want SoundCloud to associate your visit to this website with your SoundCloud user account, please log out of your SoundCloud user account before activating content from the SoundCloud plugin.

5.10 Matomo

This website uses the open source web analysis service Matomo.

With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

5.10.1 IP anonymisation

We use IP anonymisation for the analysis with Matomo. Your IP address is truncated before the
analysed so that it can no longer be clearly assigned to you.

5.10.2 Cookie-less analysis

We have configured Matomo so that Matomo does not store any cookies in your browser.

5.10.3 Hosting

We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.

6 Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller in accordance with the provisions set out below:

  1. In accordance with Art. 15 GDPR, you can request information about the personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your personal data has been or will be disclosed, the planned storage period and the existence of the rights explained in this section 4 and 6.
  2. In accordance with Art. 16 GDPR, you can request the immediate correction of incorrect or incomplete personal data stored by us.
  3. In accordance with Art. 17 GDPR, you can request the deletion of your personal data stored by us, unless the processing is necessary for reasons specified by law, in particular to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exercise or even potential defence of legal claims.
  4. In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if you dispute its accuracy, if the processing is unlawful but you refuse to delete it and we no longer need the personal data, but you need it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing in accordance with Art. 21 GDPR.
  5. In accordance with Art. 20 GDPR, you can receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller.
  6. In accordance with Art. 7 Para. 3 GDPR, you can revoke your data protection consent at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future.
  7. According to Art. 21 GDPR right to object

If personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) (f) of the GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 of the GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation, unless the processing is necessary for the performance of a task carried out in the public interest, Art. 21 para. 6 of the GDPR

  • In accordance with Art. 77 GDPR, you can lodge a complaint with a supervisory authority. As a rule, the supervisory authority of your usual place of residence or workplace or the registered office of the controller is available for this purpose.

To exercise these rights, please contact the office specified in Section I. or II.