Information on data protection

DLR takes the protection of personal data very seriously. We want you to know when we store which data and how we use it. As a registered association under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as the Telecommunications Telemedia Data Protection Act (TTDSG). We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by external service providers.

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the person responsible). You can recognise an encrypted connection by the string "https://" and the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Name and address of the person responsible

The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

German Aerospace Center (DLR)
Linder Höhe, 51147 Cologne, Germany

Tel.: 02203 601-0

Fax: 02203 67310

Email:   contact-dlr@dlr.de
WWW: https://www.dlr.de

Name and address of the data protection officer

The data protection officer of the data controller is:

Uwe Gorschütz, German Aerospace Center e. V., Linder Höhe, 51147 Cologne, Germany
E-mail: datenschutz@dlr.de

Definitions

In accordance with the General Data Protection Regulation and the Federal Data Protection Act, we use the following terms, among others, in this privacy policy:

1. personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. person concerned

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

3. processing

Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

5 Profiling

Profiling is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

6. pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

7. controller or person responsible for processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

8. order processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9. receiver

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

10. third party

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

11. consent

Consent shall mean any freely given specific and informed indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data are processed according to Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) a GDPR. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. This consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, if your data is required for the fulfilment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c GDPR.

The data processing may also be based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this data protection declaration.

Storage period

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) OF THE DATA PROTECTION ACT).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right of appeal to the competent supervisory authority

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. You can contact us at any time for this purpose and for further questions on the subject of personal data.

Right to restrict processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. The right to restriction of processing exists in the following cases:

-  If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

-  If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.

-  If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.

-  If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Objection to advertising e-mails

The use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Data collection on this website

Cookies

Our internet pages use so-called "cookies". Cookies are small data packets and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified.

The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. Insofar as consent to the

storage of cookies and comparable recognition technologies was requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your consent.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

-  Browser type and version

-  Operating system used

-  Referrer URL

-  Host name of the accessing computer

-  Time of the server request

-  IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - for this purpose, the server log files must be collected.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Registration

On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:

-  E-mail address

-  Name

-  First name

The following data is also stored at the time of registration:

-  Date and time of registration

The user's consent to the processing of this data is obtained as part of the registration process. The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.

Registration of the user is required for the provision of certain content and services, in particular the submission of documents on our website.

The registration data will be stored on our server until the registration is terminated (see VI e).

As a user, you have the option of cancelling your registration at any time. You can have the data stored about you changed at any time.

You can delete or change the account by contacting the technical contact Projektträger im Deutschen Zentrum für Luft- und Raumfahrt e.V., Management/IKT-Service by e-mail at the address pt-webservice@dlr.de.

After the binding digital submission of documents, premature deletion of registration data is no longer possible. In this case, these data will be anonymised.


Privacy AFR-EU_CALL_CS4RRA

Privacy notice on the processing of personal data in the context of

your application to the African-European Call for proposals CS4RRA 2025

Information according to Art. 13 General Data Protection Regulation (GDPR)

The protection of your personal data is a particular concern of the Federal Ministry for Research, Technology and Space (BMFTR). With this privacy notice, we inform you — in accordance with the EU General Data Protection Regulation (GDPR) applicable as of May 25, 2018 — about the processing of your data by the German Aerospace Center (DLR) on behalf of the BMFTR, as well as about your rights.

The term ‘personal data’ refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.

You can find detailed information in this privacy notice regarding which data is collected for which purpose and on what legal basis, how to contact the responsible body and the Data Protection Officer, and what rights you have in relation to the processing of your personal data. This privacy notice will be updated as necessary and made available to you. 

1.      Controller and Data Protection Officer
The Controller within the meaning of the GDPR is the

Federal Ministry for Research, Technology and Space (BMFTR)
D-53170 Bonn
Phone: +49 (0)228 9957-0
Fax: +49 (0)228 99578-3601
Email: poststelle@bmftr.bund.de

If you have specific questions regarding the protection of your data, please contact the Data Protection Officer of the BMFTR:

Federal Ministry for Research, Technology and Space
"Data Protection Officer"
D-53170 Bonn
Phone: +49 (0)228 9957-3369
Fax: +49 (0)228 99578-3369
Email: datenschutz@bmftr.bund.de

2.      Purpose of the processing activities
The purpose of the processing is to record the project application submitted in response to the CS4RRA 2025 call for proposals and to further process the application as part of the review process, including forwarding the application to the reviewers. The internal DLR Project Management Agency (DLR Projektträger/DLR-PT) tool/website “PT-Outline” is used for this purpose. Applicants enter their data into this tool to submit their project applications in a structured and secured manner. 

3.      Data categories
The following personal data are processed within the scope of the processing activity:

  • Full names of all partners of the consortium (coordinator/ applicant and project partners);
  • Contact details (address, phone, e-mail) of all partners of the consortium;
  • Professional affiliation and position of all partners of the consortium;
  • Project proposal, consisting of the project description and information on the requested budget (total budget, as well as broken down into staff costs, mobility costs, material costs, costs for knowledge exchange/ research uptake/ dissemination activities, subcontracting costs, overheads, other costs; if relevant).

Visiting the website “PT-Outline”

The website “PT-Outline” automatically collects information transmitted by your browser and saves it in so called server log files.

The following data (logging data pursuant to Section 2 (8a) of the BSI Act) are collected each time you visit our website:

(1) Information about browser type and version
(2) user’s operating system
(3) user´s IP address
(4) Date and time of access
(5) Referrer website(s)
(6) Websites the user accesses from our website

These data are not stored together with other personal data of the user.

Logging data are created to protect against attacks on the technical infrastructure and communication technology of the federal government and its service providers, and to detect, limit, or eliminate faults or errors. The data are stored and analyzed beyond the time of the visit. The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website.

Please note, that the website requires the acceptance of technically necessary cookies to ensure the functionality of the site. Cookies are stored on the user's device and transmitted from it to our website. Therefore, as a user, you have full control over the use of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all of the website's functions in full.

4.      Legal basis of the processing activities
Your personal data will be processed for the purpose of administering the funding project. All processing of personal data for the purpose of implementing the project funding procedure is carried out on the basis of Article 6(1)(e) GDPR in conjunction with Section 3 of the Federal Data Protection Act (BDSG). According to these provisions, the processing of personal data is lawful when it is necessary for the performance of a task carried out in the public interest. The processing of personal data is necessary in order to implement funding procedures in accordance with Sections 23 and 44 of the Federal Budget Code (BHO) and to ensure the lawfulness of the receipt of the funding. Furthermore, the processing is required in order to meet the transparency requirements placed on the BMFTR as the granting authority regarding the use of public funds.

The processing of logging data is based on Article 6(1)(c) and (e) GDPR in conjunction with Sections 5(1) sentence 4 and 5a sentence 2 of the BSI Act.

The use of cookies is based on Section 25(2) No. 2 of the German Telecommunications-Digital Services Data Protection Act (TDDDG).

5.      Categories of recipients
Your personal data will be forwarded to and processed by the staff members of the BMFTR responsible for this task, as well as by employees of the contracted service provider (German Aerospace Center – DLR, DLR Project Management Agency – DLR-PT) with whom a data processing agreement have been concluded. In this connection, it shall always be assessed whether the transfer is necessary to that effect. Your data will only be passed on if confidentiality is maintained and only to the extent permitted by a legal basis.

In this case personal data is disclosed to the following departments: 

  • The CS4RRA-Call Secretariat consisting of employees from DLR Project Management Agency (DLR-PT) and Agence nationale de la recherche (ANR), who will be in charge of the eligibility check and the overall organization of the reviewing process.
  • The Reviewers who will evaluate the proposals submitted in response to the CS4RRA 2025 call for proposals.
  • The Group of Funding Parties who will be regularly informed about the partial results as part of the selection process.

6.      Data retention period
The storage of personal data in project files is governed by the retention periods applicable to written records as set out in the Registry Directive, which supplements the Joint Rules of Procedure of the Federal Ministries (GGO), as well as by specific legal provisions for the retention of budgetary data (in particular the Administrative Regulations for the Use of the Federal Budget Code – VV ZBR BHO). The criteria for determining the retention periods according to the Registry Directive can be found in Annex 5 of the directive. As a rule, the maximum storage period will not exceed 20 years, unless specific circumstances or legal obligations necessitate a longer retention period.

Logging data stored in log files will be deleted after seven days at the latest. A longer storage period is possible. In this case, the users' IP addresses are deleted or alienated, so that an assignment of the calling client is no longer possible.

In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject.

7.      Data subjects’ rights
You have the following rights against BMFTR with regard to the personal data concerning you. In order to exercise these rights, please contact the office indicated in section 1.

  • Right of access - Art. 15 GDPR

The right of access grants the data subject comprehensive insight into the data concerning him or her and into other important criteria, such as the purposes of the processing or the period for which the data shall be stored. The derogations of this right laid down in Sect. 34 BDSG are applicable.

  • Right of rectification - Art. 16 GDPR

The right to rectification implies the possibility for the data subject to have inaccurate personal data concerning him or her rectified.

  • Right to erasure - Art. 17 GDPR

The right to erasure entails the possibility for the data subjects to have data erased at the controller. This is, however, only possible if the data concerning him or her are no longer necessary, if they have been unlawfully processed, or a corresponding consent has been withdrawn. The derogations laid down in Sect. 35 BDSG are applicable.

  • Right to restriction of processing - Art. 18 GDPR

The right to restriction of processing includes the possibility for the data subject to prevent for the time being any further processing of personal data concerning him or her. A restriction mainly occurs at the stage of examining other exercises of rights by the data subject.

  • Right to data portability - Art. 20 GDPR

The right to data portability implies the right for the data subject to receive from the controller the personal data concerning him or her in a commonly used, machine-readable format in order to have them, if necessary, transferred to another controller. In accordance with Art. 20 para. 3 sentence 2 of the GDPR, that right is not available if the data processing serves the purpose of performing public tasks.

  • Right to object - Art. 21 GDPR

The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data as far as this processing is justified by the performance of public tasks or of public and private interests. The derogations laid down in Sect. 36 BDSG are applicable.

  • Withdrawal of consent

Data subjects have the option to withdrawal their data protection consent at any time with effect for the future by sending an email to Call-Secretariat@cs4rra.de.

The lawfulness of processing your personal data on the basis of the consent provided by you remains unaffected until your withdrawal of consent has been received.

  • Complaint to a supervisory authority - Art. 77 GDPR

Every data subject has the right to lodge a complaint with a supervisory authority. As a rule, the supervisory authority of your usual place of residence or workplace or the registered office of the person responsible is available for this purpose.

8.      Provision of personal data
There is no obligation to provide personal data. Where these data are not provided either completely or in part, the processing is not possible or is only possible to a limited extent. 

9.      Automated decision making
Your data is not used by the BMFTR for automated decision-making or profiling pursuant to Article 22 GDPR.