DLR takes the protection of
personal data very seriously. We want you to know when we store which data and
how we use it. As a registered association under German civil law, we are
subject to the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data
Protection Act (BDSG) as well as the
Telemedia Data Protection Act (TTDSG). We have taken technical and organisational measures to ensure that the
regulations on data protection are observed both by us and by external service
SSL or TLS encryption
This website uses SSL or TLS
encryption for security reasons and to protect the transmission of personal
data and other confidential content (e.g. orders or enquiries to the person
responsible). You can recognise an encrypted connection by the string
"https://" and the lock symbol in your browser line. If SSL or TLS
encryption is activated, the data you transmit to us cannot be read by third
Name and address of the person responsible
The responsible person within the meaning of the General Data Protection
Regulation and other national data protection laws of the member states as well
as other data protection regulations is the:
German Aerospace Center (DLR)
Linder Höhe, 51147 Cologne, Germany
Tel.: 02203 601-0
Fax: 02203 67310
Name and address of the data protection officer
The data protection officer of
the data controller is:
Uwe Gorschütz, German
Aerospace Center e. V., Linder Höhe, 51147 Cologne, Germany
In accordance with the General
Data Protection Regulation and the Federal Data Protection Act, we use the
1. personal data
Personal data means any
information relating to an identified or identifiable natural person
(hereinafter "data subject"). An identifiable natural person is one
who can be identified, directly or indirectly, in particular by reference to an
identifier such as a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical, physiological,
genetic, mental, economic, cultural or social identity of that natural person.
2. person concerned
Data subject means any
identified or identifiable natural person whose personal data are processed by
Processing is any operation or
set of operations which is performed upon personal data, whether or not by
automatic means, such as collection, recording, organisation, filing, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction.
4. restriction of processing
Restriction of processing is
the marking of stored personal data with the aim of limiting their future
Profiling is any form of
automated processing of personal data which consists in using such personal
data to evaluate certain personal aspects relating to a natural person, in
particular to analyse or predict aspects relating to that natural person's
performance at work, economic situation, health, personal preferences, interests,
reliability, behaviour, location or change of location.
Pseudonymisation is the
processing of personal data in such a way that the personal data can no longer
be attributed to a specific data subject without the use of additional
information, provided that such additional information is kept separately and
is subject to technical and organisational measures to ensure that the personal
data is not attributed to an identified or identifiable natural person.
7. controller or person responsible for
The controller or person
responsible for processing is the natural or legal person, public authority,
agency or other body which alone or jointly with others determines the purposes
and means of the processing of personal data. Where the purposes and means of
such processing are determined by Union or Member State law, the controller or
the specific criteria for its designation may be provided for under Union or
Member State law.
8. order processor
Processor means a natural or legal
person, public authority, agency or other body which processes personal data on
behalf of the controller.
A recipient is a natural or
legal person, public authority, agency or other body to whom personal data are
disclosed, whether or not a third party. However, public authorities that may
receive personal data in the context of a specific investigative task under
Union or Member State law shall not be considered as recipients.
10. third party
Third party means a natural or
legal person, public authority, agency or other body other than the data
subject, the controller, the processor and the persons authorised to process
the personal data under the direct responsibility of the controller or the
Consent shall mean any freely
given specific and informed indication of the data subject's wishes in the form
of a statement or other unambiguous affirmative act by which the data subject
signifies his or her agreement to the processing of personal data relating to
him or her.
General information on the legal basis for data processing on this website
If you have consented to data
processing, we process your personal data on the basis of Art. 6 para. 1 lit. a
GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data are processed
according to Art. 9 para. 1 GDPR. In the event of express consent to the
transfer of personal data to third countries, data processing is also carried
out on the basis of Art. 49 (1) a GDPR. If you have consented to the storage of
cookies or to the access to information in your terminal device (e.g. via
device fingerprinting), the data processing is additionally carried out on the
basis of Section 25 (1) TTDSG. This consent can be revoked at any time. If your
data is required for the performance of a contract or for the implementation of
pre-contractual measures, we process your data on the basis of Art. 6 para. 1
lit. b GDPR. Furthermore, if your data is required for the fulfilment of a
legal obligation, we process it on the basis of Art. 6 para. 1 lit. c GDPR.
The data processing may also
be based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.
Information on the relevant legal basis in each individual case is provided in
the following paragraphs of this data protection declaration.
Unless a more specific storage period has been specified within this
processing the data no longer applies. If you assert a justified request for
deletion or revoke consent to data processing, your data will be deleted unless
we have other legally permissible reasons for storing your personal data (e.g.
retention periods under tax or commercial law); in the latter case, the data
will be deleted after these reasons no longer apply.
Revocation of your consent to data processing
Many data processing operations are only possible with your express
consent. You can revoke consent you have already given at any time. The
legality of the data processing carried out until the revocation remains
unaffected by the revocation.
object to the collection of data in specific cases and to direct marketing
(Art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE
THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR
REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING
BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS
BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL
NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING
LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND
FREEDOMS, OR THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING OR
DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) OF THE DATA PROTECTION
IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING,
YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA
CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO
PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT,
YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF
DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).
appeal to the competent supervisory authority
In the event of breaches of the GDPR, data subjects shall have a right of
appeal to a supervisory authority, in particular in the Member State of their
habitual residence, their place of work or the place of the alleged breach. The
right of appeal is without prejudice to any other administrative or judicial
Right to data
You have the right to have data that we process
automatically on the basis of your consent or in fulfilment of a contract
handed over to you or to a third party in a common, machine-readable format. If
you request the direct transfer of the data to another controller, this will
only be done insofar as it is technically feasible.
Information, deletion and correction
Within the framework of the applicable legal provisions, you
have the right at any time to free information about your stored personal data,
its origin and recipient and the purpose of the data processing and, if
applicable, a right to correction or deletion of this data. You can contact us
at any time for this purpose and for further questions on the subject of
Right to restrict processing
You have the right to request the restriction of the
processing of your personal data. To do this, you can contact us at any time.
The right to restriction of processing exists in the following cases:
<![if !supportLists]>- <![endif]>If
you dispute the accuracy of your personal data stored by us, we usually need
time to check this. For the duration of the verification, you have the right to
request the restriction of the processing of your personal data.
<![if !supportLists]>- <![endif]>If
the processing of your personal data happened/is happening unlawfully, you can
request the restriction of data processing instead of erasure.
<![if !supportLists]>- <![endif]>If
we no longer need your personal data, but you need it to exercise, defend or
enforce legal claims, you have the right to request restriction of the
processing of your personal data instead of deletion.
<![if !supportLists]>- <![endif]>If
you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your
interests and ours must be carried out. As long as it has not yet been
determined whose interests prevail, you have the right to demand the
restriction of the processing of your personal data.
If you have restricted the processing of your personal data,
such data may - apart from being stored - only be processed with your consent
or for the establishment, exercise or defence of legal claims or for the
protection of the rights of another natural or legal person or for reasons of
important public interest of the European Union or a Member State.
Objection to advertising e-mails
The use of contact data published within the scope of the
imprint obligation to send advertising and information material that has not
been expressly requested is hereby prohibited. The operators of the pages
expressly reserve the right to take legal action in the event of the
unsolicited sending of advertising information, such as spam e-mails.
Data collection on this website
Our internet pages use so-called "cookies".
Cookies are small data packets and do not cause any damage to your end device.
They are stored either temporarily for the duration of a session (session
cookies) or permanently (permanent cookies) on your end device. Session cookies
are automatically deleted at the end of your visit. Permanent cookies remain
stored on your end device until you delete them yourself or until they are
automatically deleted by your web browser.
In some cases, cookies from third-party companies may also
be stored on your terminal device when you enter our site (third-party
cookies). These enable us or you to use certain services of the third-party
company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically
necessary, as certain website functions would not work without them (e.g. the
shopping cart function or the display of videos). Other cookies are used to
evaluate user behaviour or to display advertising.
Cookies that are necessary to carry out the electronic
communication process, to provide certain functions that you have requested
(e.g. for the shopping cart function) or to optimise the website (e.g. cookies
to measure the web audience) (necessary cookies) are stored on the basis of
Art. 6 (1) lit. f GDPR, unless another legal basis is specified.
The website operator has a legitimate interest in storing
necessary cookies for the technically error-free and optimised provision of its
services. Insofar as consent to the
storage of cookies and comparable recognition technologies
was requested, the processing is carried out exclusively on the basis of this
consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); the consent can be
revoked at any time.
You can set your browser so that you are informed about the
setting of cookies and only allow cookies in individual cases, exclude the
acceptance of cookies for certain cases or in general and activate the
automatic deletion of cookies when closing the browser. If you deactivate
cookies, the functionality of this website may be limited.
If cookies are used by third-party companies or for analysis
purposes, we will inform you about this separately within the framework of this
data protection declaration and, if necessary, request your consent.
Server log files
The provider of the pages automatically collects and stores
information in so-called server log files, which your browser automatically
transmits to us. These are:
<![if !supportLists]>- <![endif]>Browser
type and version
<![if !supportLists]>- <![endif]>Operating
<![if !supportLists]>- <![endif]>Referrer
<![if !supportLists]>- <![endif]>Host
name of the accessing computer
<![if !supportLists]>- <![endif]>Time
of the server request
<![if !supportLists]>- <![endif]>IP
This data is not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit.
f GDPR. The website operator has a legitimate interest in the technically
error-free presentation and optimisation of its website - for this purpose, the
server log files must be collected.
Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry
including all resulting personal data (name, enquiry) will be stored and
processed by us for the purpose of processing your request. We will not pass on
this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b
GDPR if your request is related to the performance of a contract or is
necessary for the implementation of pre-contractual measures. In all other
cases, the processing is based on our legitimate interest in the effective
processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your
consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be
revoked at any time.
The data you send to us via contact requests will remain
with us until you request us to delete it, revoke your consent to store it or
the purpose for storing the data no longer applies (e.g. after we have
completed processing your request). Mandatory statutory provisions - in
particular statutory retention periods - remain unaffected.
On our website, we offer users the opportunity to register
by providing personal data. The data is entered in an input mask and
transmitted to us and stored. The data is not passed on to third parties. The
following data is collected during the registration process:
<![if !supportLists]>- <![endif]>E-mail
<![if !supportLists]>- <![endif]>Name
<![if !supportLists]>- <![endif]>First
The following data is also stored at the time of
<![if !supportLists]>- <![endif]>Date
and time of registration
The user's consent to the processing of this data is
obtained as part of the registration process. The legal basis for the
processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his
Registration of the user is required for the provision of
certain content and services, in particular the submission of documents on our
The registration data will be stored on our server until the
registration is terminated (see VI e).
As a user, you have the option of cancelling your
registration at any time. You can have the data stored about you changed at any
You can delete or change the account by contacting the
technical contact Projektträger im Deutschen Zentrum für Luft- und Raumfahrt
e.V., Management/IKT-Service by e-mail at the address email@example.com.
After the binding digital submission of documents, premature
deletion of registration data is no longer possible. In this case, these data
will be anonymised.
German Aerospace Center
DLR Project Management Agency
Dr. Sabrina Voß and Dr. Katrin Michel
Phone: (+49) 228-3821 2111