DLR takes the protection of personal data very seriously. We want you to know when we store which data and how we use it. As a registered association under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as the Telecommunications Telemedia Data Protection Act (TTDSG). We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by external service providers.
SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the person responsible). You can recognise an encrypted connection by the string "https://" and the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Name and address of the person responsible
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:
German Aerospace Center (DLR) Linder Höhe, 51147 Cologne, Germany
Tel.: 02203 601-0
Fax: 02203 67310
Email: contact-dlr@dlr.de WWW: https://www.dlr.de
Name and address of the data protection officer
The data protection officer of the data controller is:
Uwe Gorschütz, German Aerospace Center e. V., Linder Höhe, 51147 Cologne, Germany E-mail: datenschutz@dlr.de
Definitions
In accordance with the General Data Protection Regulation and the Federal Data Protection Act, we use the following terms, among others, in this privacy policy:
1. personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. person concerned
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
3. processing
Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
5 Profiling
Profiling is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
6. pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
7. controller or person responsible for processing
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
8. order processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
9. receiver
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.
10. third party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
11. consent
Consent shall mean any freely given specific and informed indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
General information on the legal basis for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data are processed according to Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) a GDPR. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. This consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, if your data is required for the fulfilment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c GDPR.
The data processing may also be based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this data protection declaration.
Storage period
Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) OF THE DATA PROTECTION ACT).
IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).
Right of appeal to the competent supervisory authority
In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Information, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. You can contact us at any time for this purpose and for further questions on the subject of personal data.
Right to restrict processing
You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, such data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Objection to advertising e-mails
The use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
Data collection on this website
Cookies
Our internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified.
The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. Insofar as consent to the
storage of cookies and comparable recognition technologies was requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your consent.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - for this purpose, the server log files must be collected.
Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Registration
On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:
- E-mail address
- Name
- First name
The following data is also stored at the time of registration:
- Date and time of registration
The user's consent to the processing of this data is obtained as part of the registration process. The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
Registration of the user is required for the provision of certain content and services, in particular the submission of documents on our website.
The registration data will be stored on our server until the registration is terminated (see VI e).
As a user, you have the option of cancelling your registration at any time. You can have the data stored about you changed at any time.
You can delete or change the account by contacting the technical contact Projektträger im Deutschen Zentrum für Luft- und Raumfahrt e.V., Management/IKT-Service by e-mail at the address pt-webservice@dlr.de.
After the binding digital submission of documents, premature deletion of registration data is no longer possible. In this case, these data will be anonymised.
Information clause
Pursuant to Article 13 (and/or) 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ. L 2016, No. 119, p. 1), we would like to inform you about the principles of processing of the personal data provided by you (information obligation):
1) The Joint Controllers of the Personal Data are as follows:
2) Data subjects may contact the Data Protection Officers designated by the Joint Controllers in the following matters: personal data processing, exercise of rights related to personal data processing, by sending e-mail messages to the e-mail addresses or addresses of the Joint Data Controllers specified in item 1. The Data Protection Officers are also obliged to provide information on arrangements with the Joint Controllers.
3) The Joint Controllers as basic research funding organisations cooperate within multilateral networks/programmes, implemented in formulas cofunded by the European Union (e.g.European Partnerships) and within specific initiatives of partner agencies (without EU subsidies). The core objective of multilateral initiatives is to organise calls for international research projects. The Joint Controllers process personal data to carry out public interest tasks or as an exercise of public authority entrusted to the controller and to comply with the legal duties applicable to each Joint Controller and resulting from the applicable domestic laws, in particular in compliance with Article 6.1.b), Article 6.1.c) and Article 6.1.e) of GDPR. Detailed information on the legal basis of processing by each Joint Controller is provided on the web site of each Joint Controller as specified in item 1.
4) The scope and type of data processing, the objectives and methods of processing, including the involvement of the Joint Controllers in those processings as well as the categories of data recipients are provided in Appendix No. 1.
5) The Joint Controllers may process the collected personal data for periods required to perform Cooperation and obligations set forth in the consortium agreement concluded between the Joint Controllers and/or the grant agreement concluded between the Joint Controllers and the European Commission (hereinafter the Grant Agreement).
6) Data subjects – depending on the legal basis for processing – shall be entitled to the rights available to them pursuant to applicable laws, including as follows:
a) to access to their personal data – which means that right to obtain from a Data Joint Controller a confirmation if their personal data are processed. If their data are processed, such data subjects are entitled to get access to their data and to obtain the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or the criteria used to determine that period; the existence of the right to have the personal data corrected, erased or to restrict the processing of personal data and the right to object to the processing of the personal data (Article 15 of GDPR);
b) to obtain a copy of the personal data being processed – the first copy is free of charge and for any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs (Article 15.3 of GDPR);
c) to have incomplete personal data corrected, including by means of providing a supplementary statement (Article 16 of GDPR);
d) to have their data deleted if a Data Joint Controller no longer has a legal basis to process the data or the data are no longer required to comply with the objectives of processing (Article 17 of GDPR);
e) to have the processing restricted when: a data subject questions the accuracy of the personal data – for a period allowing the inspector to verify the accuracy of the data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the Joint Controller no longer needs the personal data but they are required by the data subject for determining, pursuing and defending against any claims; the data subject has objected to processing pending verification as to whether the legitimate grounds of the Joint Controller override those of the data subject;
f) to data portability – that is the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Joint Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller if the processing is based on consent of the data subject or on a contract concluded with the data subject and when the processing is carried out by automated means (Article 20 of GDPR);
g) the right to object to processing of their personal data for legitimate objectives of the Controller on grounds relating to their particular situation, including profiling. Then the Joint Controller will have to demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. If, following such review, the interests of the data subject override the interests of the Controller, the Controller shall be obliged to discontinue the processing of the data in connection with objectives (Article 21 of GDPR);
h) the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data does not comply with of GDPR (Article 77 of GDPR).
7) The sharing of personal data during the Cooperation is required for the Joint Controllers to perform their duties.
8) The scope of data requested in forms and documents shall be restricted to the required minimum which is as a rule set forth in the legal acts in force in the country of each Joint Controller. The collected data will not be used for any other purposes than those specified in Appendix No. 1[1], as resulting from the Consortium Agreement concluded between the Joint Controllers or from the Grant Agreement. The Joint Controllers may process the data for other legitimate purposes subject to the consent of the data subjects.
9) The personal data processed for the purposes specified herein may be transferred to the following third countries:
a) … - pursuant to Article 45 of GDPR – on the basis of an adequacy decision of the Commision;
b) … - pursuant to Article 46.2.c) of GDPR – on the basis of standard data protection clauses adopted by the Commission in accordance with the examination procedure in Article 93.2 or pursuant to Article 49 of GDPR. A copy of standard data protection clauses referred to in the preceding sentence shall be provided when so requested by a data subject.
10) The personal data will not be processed in an automatic way (including in the form of profiling).
The Applicant hereby states that the individuals identified in the project proposal were informed about the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”).
The Applicant states that it shall fulfil the information obligation arising from Article 13 and 14 of the GDPR in relation to all individuals mentioned in the Application.
