DLR takes the protection of personal data very seriously. We want you to know when we store data, which types of data are stored and how it is used. As an incorporated entity under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR) (refer to https://gdpr-info.eu/), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). We have taken technical and organisational measures to ensure our compliance and the compliance of external service providers with the data protection regulation.
This website uses SSL – that is, TLS encryption – in order to protect the transfer of personal data and other confidential information (for example, orders or enquiries sent to the controller). A connection is encrypted if you see the character sequence ‘https://’ and the padlock icon in your browser’s address bar.
I. Name and address of the controller
The controller in the meaning of the General Data Protection Regulation, other national data protection laws in the Member States and related data protection regulations is:
Deutsches Zentrum für Luft- und Raumfahrt e. V. (DLR)
Linder Höhe
51147 Cologne
Telephone: +49 2203 601-0
Email:
WWW: https://www.dlr.de
The controller’s appointed data protection officer is:
Der/die Datenschutzbeauftragte, Deutsches Zentrum für Luft- und Raumfahrt e. V., Linder Höhe, 51147 Cologne
Email:
II. General information on data processing
We process personal data concerning our users exclusively to the extent required to provide a functioning website, as well as our content and services. Ordinarily, we will only process the personal data of our users after obtaining their consent. An exception to this rule is where obtaining prior consent is factually impossible and the processing of the data is permitted by law.
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, storage takes place if authorised by Union or Member State directives, laws or other regulations to which the controller is subject. Blocking or deletion of the data shall also take place when a storage period stipulated by one of the above standards comes to an end, except where it is necessary to continue storing the data to enter into or perform a contract.
II.1 Provision of the website and log files
a) Description and scope of data processing
Our system automatically collects data and information from the accessing computer system each time our website is visited.
The following data is collected in this context:
- Source IP address of accessing system
- Date and time
- Browser version and operating system of accessing system
- Web address from which the accessing system arrives on our website (referrer URL)
- Requested web address of our server
Furthermore other similar data and information that is used to protect against risks in the case of attacks on our Information Technology systems.
The data is also stored in log files kept on our system. This data is not stored together with other personal data concerning the user.
b) Legal grounds for data processing
The legal grounds for temporary storage of the data and log files are set out in Art. 6, paragraph 1, part (f) of the EU General Data Protection Regulation (GDPR).
c) Purpose of data processing
Temporary storage of the IP address by our system is necessary to deliver the website to the computer of the user. For this purpose, the source IP address of the request must be stored for the duration of the session.
Storage in log files takes place to ensure functionality of the website. In addition, the data is used to optimise the website and to ensure security of our Information Technology systems. Data analysis for marketing purposes does not take place in this context.
d) Duration of storage
The data is deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of data collection for the provision of this website, this applies at the end of each session.
In the case of data stored in log files, this occurs after no longer than seven days. Further storage is possible; in these cases, the IP addresses are deleted or pseudonymised to prevent any association with the accessing client or user.
e) Right to objection and removal
The collection of data for the provision of our website and the storage of data in log files is crucial to operation of the website. Hence, users are not granted a right to object.
II.2 Contact form and email contact
a) Description and scope of data processing
A few of our web pages provides contact forms. The data entered in the input screen will be transferred to us and stored. This applies to the following data:
- First name
- Family name
- Email address
The following data is stored additionally when sending a message:
- IP address of the user
- Date and time of submission
Your consent for data processing will be obtained, and you will be referred to this Privacy Notice during the sending process.
Alternatively, it is possible to contact us using the email address provided. The personal data of the user transferred with the email will be stored in this case.
The data is not transferred to third parties in this context. The data is used exclusively for processing the correspondence.
b) Legal basis for data processing
The legal basis for processing of the data in the event that consent has been received from the user is set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
The legal basis for processing of the data sent to us by email is set out in Art. 6, paragraph 1, part (f) of the GDPR. Where email contact is established with the intention of entering into a contract, additional legal bases for the processing are set out in Art. 6, paragraph 1, part (b) of the GDPR.
c) Purpose of data processing
We use the personal data you provide in the contact form exclusively to process your enquiry. In the case of contact by email, this represents our necessary, legitimate interest in data processing.
Any other personal data that is processed when you send us the contact form is used to prevent abuse of the contact form and to protect the security of our Information Technology systems.
d) Duration of storage
The data is deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data entered in the input screen of the contact form and personal data sent to us by email, this is the case when correspondence with the user has come to an end. A conversation has come to an end when the circumstances indicate that the relevant matter has been dealt with definitively.
Any additional personal data collected during the sending process will be deleted after a maximum of seven days.
e) Right to objection and removal
The user is entitled to revoke their consent to the processing of personal data at any time. The user may object to the processing of personal data at any time by contacting . Correspondence will be discontinued in these cases.
All personal data stored in connection with contacting us will be deleted in this case.
II.3 Registration to events
a) Description and scope of data processing
Some web pages of this web server provides registration forms for events. Beside the provided form field content (name, email address, …) date and time are saved.
b) Legal grounds for data processing
The legal basis for processing of the data is set out in Art. 6, paragraph 1, part (a), (b) and (f) of the EU General Data Protection Regulation (GDPR).
c) Purpose of data processing
The data is used for the realisation of the event, eg. room planning, ordering of meals, reservations for excursions, participants list.
The registration data are made available to the event organisation committee. The members of the committee are listed on the event web pages and have often international provenance.
The registration data can be used afterwards to inform about succeeding events or scientific events with similar topics.
Your consent for possible data uses will be obtained at registration and is optional.
d) Duration of storage
Deletion of registration data happen after 3-5 years after the event.
e) Right to objection and removal
Over the given contact address of the organiser of the event, data can be corrected or requested to be removed.
II.4 Registration to SPARC-Newsletter and eNews
a) Description and scope of data processing
Visitors to our website have the option of subscribing to a free “SPARC Newsletter” and “SPARC eNews”. The data entered in the input screen while registering is transmitted to us.
The following data are also collected during registration and stored in the database:
- Subscription Status (Subscribed, Activated, Unsubscribed)
- Subscription Date, Activation Date, Unsubscription Date
Your consent to the processing of data is obtained during the registration process, and you are referred to this Privacy Notice.
No data is transferred to third parties in connection with data processing for delivery of the newsletter. The data is used exclusively to deliver the newsletter.
b) Legal basis for data processing
The newsletter and eNews are delivered based on registration by the user on our website. The legal basis for processing of the data after registration for the newsletter or eNews is, upon receipt of consent by the user, set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
c) Purpose of data processing
The user’s email address is collected in order to deliver the newsletter or eNews.
d) Duration of storage
The data is deleted as soon as it is no longer needed for the purpose for which it was collected. Therefore, the user’s email address and first and family names will be stored for as long as the newsletter subscription remains active.
e) Right to objection and removal
The data subject can unsubscribe to the newsletter at any time. Each newsletter or eNews includes a suitable instructions.
II.5 eNews uses Mailchimp
Our eNews are sent by MailChimp to subscribers.
MailChimp is a service from “The Rocket Science Group” (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA). For Mailchimps privacy policy see http://mailchimp.com/legal/privacy/ .
The Rocket Science Group is certified due to the EU-US Privacy Shield. See https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG
eNews emails uses HTML text format with links redirected to servers used by MailChimp. They are using web techniques (cookies, images, etc.) for analysing our reading activities. So we have a feedback to improve the eNews. Besides this, The Rocket Science Group shares some information with third party advertising partners.
The legal basis for processing of the data is, upon receipt of consent by the user, set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
The user can unsubscribe to the newsletter at any time. Each eNews includes suitable instructions.
II.6 Use of cookies
a) Description and scope of data processing
Only a few parts of our website uses cookies. They are used for content editors login. Cookies are text files placed on the user’s computer system by a browser and stored there.
We use technically necessary cookies to improve our website’s user friendliness. Some elements on our website make it necessary to recognise the accessing browser when moving from page to page (eg. for login).
b) Legal basis for data processing
The legal grounds for the processing of personal data using technically necessary cookies are set out in Art. 6, paragraph 1, part (f) of the EU General Data Protection Regulation (GDPR).
c) Purpose of data processing
Technically necessary cookies are used to make our website user friendly. Some functions on our website cannot be provided without the use of cookies, as they require that the browser is recognised when moving from page to page.
The user data collected with technically necessary cookies is not used to produce user profiles.
d) Duration of storage
Cookies have an expire date an are removed after expiration by the internet browser. technically necessary cookies are implemented as session cookies, which are removed when closing the browser.
e) Right to objection and removal
You can change the settings of your Internet browser to disable or restrict the transfer of cookies at any time. Cookies that have already been placed on your computer can be deleted at any time.
III. Rights of the data subject
Where personal data concerning you is processed, you are the data subject as defined in the EU General Data Protection Regulation (GDPR) and you have the following rights with respect to the controller:
- Right to information
- Right to correction
- Right to limit processing
- Right to deletion
- Right to notification
- Right to data portability
- Right to object
- Right to withdraw consent pursuant to Art. 7, paragraph 3 of the GDPR
- Right to lodge a complaint with a supervisory authority
This rights are independent from the services of this web server. Please see details at https://www.dlr.de/Privacy, Section “Rights of the data subject”.