Information on data protection

DLR takes the protection of personal data very seriously. We want you to know when we store which data and how we use it. As a registered association under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as the Telecommunications Telemedia Data Protection Act (TTDSG). We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by external service providers.

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the person responsible). You can recognise an encrypted connection by the string "https://" and the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Name and address of the person responsible

The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

German Aerospace Center (DLR)
Linder Höhe, 51147 Cologne, Germany

Tel.: 02203 601-0

Fax: 02203 67310

Email:   contact-dlr@dlr.de
WWW: https://www.dlr.de

Name and address of the data protection officer

The data protection officer of the data controller is:

Uwe Gorschütz, German Aerospace Center e. V., Linder Höhe, 51147 Cologne, Germany
E-mail: datenschutz@dlr.de

Definitions

In accordance with the General Data Protection Regulation and the Federal Data Protection Act, we use the following terms, among others, in this privacy policy:

1. personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. person concerned

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

3. processing

Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

5 Profiling

Profiling is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

6. pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

7. controller or person responsible for processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

8. order processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. receiver

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

10. third party

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

11. consent

Consent shall mean any freely given specific and informed indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data are processed according to Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) a GDPR. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. This consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, if your data is required for the fulfilment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c GDPR.

The data processing may also be based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this data protection declaration.

Storage period

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) OF THE DATA PROTECTION ACT).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right of appeal to the competent supervisory authority

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. You can contact us at any time for this purpose and for further questions on the subject of personal data.

Right to restrict processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. The right to restriction of processing exists in the following cases:

-  If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

-  If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.

-  If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.

-  If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Objection to advertising e-mails

The use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Data collection on this website

Cookies

Our internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified.

The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. Insofar as consent to the

storage of cookies and comparable recognition technologies was requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your consent.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

-  Browser type and version

-  Operating system used

-  Referrer URL

-  Host name of the accessing computer

-  Time of the server request

-  IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - for this purpose, the server log files must be collected.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Registration

On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:

-  E-mail address

-  Name

-  First name

The following data is also stored at the time of registration:

-  Date and time of registration

The user's consent to the processing of this data is obtained as part of the registration process. The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

Registration of the user is required for the provision of certain content and services, in particular the submission of documents on our website.

The registration data will be stored on our server until the registration is terminated (see VI e).

As a user, you have the option of cancelling your registration at any time. You can have the data stored about you changed at any time.

You can delete or change the account by contacting the technical contact Projektträger im Deutschen Zentrum für Luft- und Raumfahrt e.V., Management/IKT-Service by e-mail at the address pt-webservice@dlr.de.

After the binding digital submission of documents, premature deletion of registration data is no longer possible. In this case, these data will be anonymised.


Privacy JFS24STI

We care about Data Protection! Please carefully read the Privacy Notice and give your consent at the bottom of the page. Thank you! 

 

Privacy Notice JFS
Information about Data Protection

DLR / Joint Funding Scheme Project Management takes the protection of personal data very seriously. We want you to know when we store data, which types of data are stored and how it is used. As an incorporated entity under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). We have taken technical and organisational measures to ensure our compliance and the compliance of external service providers with the data protection regulation.

This website uses SSL – that is, TLS encryption – in order to protect the transfer of personal data and other confidential information (for example, orders or enquiries sent to the controller). A connection is encrypted if you see the character sequence 'https://' and the padlock icon in your browser's address bar.

 

I. Name and address of the controller

The controller in the meaning of the General Data Protection Regulation, other national data protection laws in the Member States and related data protection regulations is:

German Aerospace Center

Deutsches Zentrum für Luft- und Raumfahrt e. V. (DLR)
Linder Höhe
51147 Cologne

Telephone: +49 2203 601-0
Email: datenschutz@dlr.de
WWW: https://www.dlr.de

 

II. Name and address of the data protection officer

The controller’s appointed data protection officer is:

Uwe Gorschütz, Deutsches Zentrum für Luft- und Raumfahrt e. V., Linder Höhe, 51147 Cologne
Email: datenschutz@dlr.de

 

III. General information on data processing

1. Scope of processing of data

For the implementation of the Southeast Asia - Europe Joint Funding Scheme for research and innovation we process personal data concerning our applicants exclusively to the extent required to provide a functioning website, as well as our content and services. Ordinarily, we will only process the personal data of our users after obtaining their consent. An exception to this rule is where obtaining prior consent is factually impossible and the processing of the data is permitted by law.

2. Legal grounds for the processing of personal data

Where we obtain consent from the data subject for the processing of personal data, the legal grounds are set out in Art. 6 (1)(a) of the EU General Data Protection Regulation (GDPR).

Where personal data is processed for the performance of a contract in which the data subject is a contractual partner, the legal grounds are set out in Art. 6 (1)(b) of the GDPR. This also applies to processing that is necessary for pre-contractual measures.

Where personal data is processed for compliance with a legal obligation to which our research centre is subject, the legal grounds are set out in Art. 6 (1)(c) of the GDPR.

Where processing of personal data is necessary for the protection of vital interests of the data subject or another natural person, the legal grounds are set out in Art. 6 (1)(d) of the GDPR.

Where processing is necessary for the legitimate interests of our research centre or a third party, and where the fundamental rights and freedoms of the data subject do not override the first interests, the legal grounds are set out in Art. 6 (1)(f) of the GDPR.

3. Data retention period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, storage takes place if authorised by Union or Member State directives, laws or other regulations to which the controller is subject. Blocking or deletion of the data shall also take place when a storage period stipulated by one of the above standards comes to an end, except where it is necessary to continue storing the data to enter into or perform a contract.

 

IV. Overview of Data Processing Activities 

a) Categories of Data 

Our website includes an application form that can be used to contact us by electronic means. Where a data subject uses this option, the data entered in the input screen will be transferred to us and stored. This applies to the following data:

·       First name

·       Family name

·       Contact information (e.g. address, telephone number, email address)

·       Institution / position (e.g. senior lecturer, professor, ministerial staff, legal adviser)

·       Project information (e.g. title, summary, budget, description)

The following data is processed additionally when sending a message:

·       IP address of the user

·       Date and time of registration

Your consent for data processing will be obtained, and you will be referred to this Privacy Notice during the sending process.

Alternatively, it is possible to contact us using the email address provided. The personal data of the user transferred with the email will be stored in this case.

b) Legal basis of data processing

The legal basis for processing the data in the event that consent has been received from the user is set out in Article 6(1)(a) GDPR.

The legal basis for processing the data sent to us by email is set out in Article 6(1)(f) GDPR (legitimate interest – communication and support). Where email contact is established with the intention of entering into a contract, additional legal bases for the processing are set out in Article 6(1)(b) GDPR (contract performance).

The legal basis for international data transfers to third countries without an adequacy decision is Article 49(1)(a) GDPR (explicit consent).

c) Purpose of data processing and categories of recipients

We use the personal data you provide in the application form exclusively to process your enquiry. In the case of contact by email, this represents our necessary, legitimate interest in data processing.

DLR will transfer these data to the following recipients in the framework of this Agreement:

·       JFS Call Secretariat / JFS Programme Coordinators

·       National Focal Points / Funding Agencies

·       Evaluators

·       Scientific Council Members

·       Programme Steering Committee Members

We transfer the data to the recipient for the following matters:

Evaluation: Eligibility Check, Peer review
Funding decision 
Contacting funded projects: Information
Building und strengthening research cooperation between Southeast Asia and Europe

d) International Data Transfers 

As part of the JFS funding process, certain personal data must be shared with the JFS Call Secretariat, Programme Coordinators, National Focal Points, Evaluators, Scientific Council Members and Programme Steering Committee Members located in non-EU countries (third countries). These countries do not provide a level of data protection equivalent to the European Union’s GDPR standards.

By submitting your data, you explicitly consent to the transfer of your personal data to these third countries, in accordance with Article 49(1)(a) GDPR.

Important Notice:

·       Your personal data may be accessed by the JFS Call Secretariat, relevant national funding agencies, and evaluators in these third countries.

·       There is a risk that authorities in these countries could access your data without adequate legal remedies available to you.

·       This transfer occurs only on the basis of your explicit consent, and you have the right to withdraw your consent at any time.

·       If you withdraw your consent, further participation in the JFS funding process may no longer be possible.


e) Data retention period

The data is erased as soon as it is no longer needed for the purpose for which it was collected. For personal data entered in the input screen of the contact form and personal data sent to us by email, this is the case when correspondence with the user has come to an end. A conversation has come to an end when the circumstances indicate that the relevant matter has been dealt with definitively.

Any additional personal data collected during the sending process will be deleted after a maximum of seven days.

f) Provision of personal data

There is no obligation to provide personal data. Where these data are not provided either completely or in part, the processing is not possible or is only possible to a limited extent. This shall not apply to such data that we process within the scope of consent.

g) Automated decision making

Automated decision-making does not take place.

 

V. Data subjects’ rights

You have the following rights against DLR with regard to the personal data concerning you. In order to exercise these rights, please contact the office indicated in section II.

 

Right of access - Art. 15 GDPR

The right of access grants the data subject comprehensive insight into the data concerning him or her and into other important criteria, such as the purposes of the processing or the period for which the data shall be stored. The derogations of this right laid down in Sect. 34 BDSG are applicable.

 

Right of rectification - Art. 16 GDPR

The right to rectification implies the possibility for the data subject to have inaccurate personal data concerning him or her rectified.

 

Right to erasure - Art. 17 GDPR

The right to erasure entails the possibility for the data subjects to have data erased at the controller. This is, however, only possible if the data concerning him or her are no longer necessary, if they have been unlawfully processed, or a corresponding consent has been withdrawn. The derogations laid down in Sect. 35 BDSG are applicable.

 

Right to restriction of processing - Art. 18 GDPR

The right to restriction of processing includes the possibility for the data subject to prevent for the time being any further processing of personal data concerning him or her. A restriction mainly occurs at the stage of examining other exercises of rights by the data subject.

 

Right to data portability - Art. 20 GDPR

The right to data portability implies the right for the data subject to receive from the controller the personal data concerning him or her in a commonly used, machine-readable format in order to have them, if necessary, transferred to another controller. In accordance with Art. 20 para. 3 sentence 2 of the GDPR, that right is not available if the data processing serves the purpose of performing public tasks.

 

Right to object - Art. 21 GDPR

The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data as far as this processing is justified by the performance of public tasks or of public and private interests. The derogations laid down in Sect. 36 BDSG are applicable.

 

Withdrawal of consent

The data subjects are entitled to withdraw their consent to the processing of personal data at any time with effect for the future (contact email: datenschutz@dlr.de, see section II).

Correspondence will be discontinued in these cases. All personal data stored in connection with contacting us will be deleted in this case.

You can also withdraw your consent for the international transfer of your personal data at any time. Your withdrawal will take effect immediately, but will not affect the lawfulness of the data processing carried out before the withdrawal. If you withdraw your consent, your personal data will no longer be transferred to the third-country recipients, and your participation in the funding process may have to be discontinued.

 

Complaint to a supervisory authority - Art. 77 GDPR

Every data subject has the right to lodge a complaint with a supervisory authority. As a rule, the supervisory authority of your usual place of residence or workplace or the registered office of the person responsible is available for this purpose.