Logo WBNK Wissenschaftlicher Beirat für Natürlichen Klimaschutz
Gräser am Ufer
© Almuth Kriele

Privacy Policy

The German Aerospace Centre (Deutsches Zentrum für Luft- und Raumfahrt e.V. – DLR) takes the protection of your personal data very seriously. In accordance with the EU General Data Protection Regulation (GDPR), which came into force on 25 May 2018, this data protection notice informs you about the processing of your personal data by DLR and the rights to which you are entitled. This information will be updated as necessary and made available to you. We have taken technical and organisational measures to ensure that the data protection regulations are observed both by us and by external service providers.

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the character string “https://” and the lock symbol in your browser line.

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

German Aerospace Centre (DLR)
Linder Höhe
51147 Cologne
Telefon: +49 2203 601-0
Email: datenschutz@dlr.de
WWW: https://www.dlr.de

II. Name and address of the data protection officer

You can reach the data protection officer of the controller at

German Aerospace Centre, Linder Höhe, 51147 Cologne
Email: datenschutz@dlr.de

III. Definition of terms

In accordance with the General Data Protection Regulation and the Federal Data Protection Act, we use the following terms, among others, in this privacy policy:

  1. Consent
    Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  2. Personal data
    Personal data is any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  3. Data subject
    Data subject is any identified or identifiable natural person whose personal data is processed by the controller.
  4. Processing
    Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  5. Restriction of processing
    Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
  6. Profiling
    Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  7. Pseudonymisation
    Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  8. Controller or controller responsible for the processing
    The controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  9. Processor
    Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  10. Recipient
    Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.
  11. Third party
    A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the personal data.

IV. General information on data processing

  1. Scope of the processing of personal data
    We only process our users’ personal data to the extent necessary to provide a functional website and our content and services. The processing of our users’ personal data only takes place regularly with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
  2. Legal basis for the processing of personal data
    If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and additionally on the basis of § 25 para. 1 TDDDG. Consent can be revoked at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR. Furthermore, we process your data if it is necessary for the fulfilment of a legal obligation on the basis of Art. 6 para. 1 sentence 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.
  3. Data erasure and storage duration
    The personal data of the data subject will be erased or blocked as soon as the purpose of the processing no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
  4. Revocation of your consent to data processing

    Many data processing operations are only possible with your express consent. You can withdraw your consent at any time with effect for the future. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

V. External Hosting

This website is hosted by an external service provider (host). Personal data collected on this website is stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.

The host is used for the purpose of fulfilling the contract with our potential and existing customers and in the interest of secure, fast, and efficient provision of our online services by a professional provider according to Article 6, paragraph 1, part (f) of the GDPR. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Article 6, paragraph 1, part (a) of the GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

We currently use the following hoster:

HostPress GmbH
Bahnhofstraße 34
66571 Eppelborn
Germany

Data processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

2. Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Article 6, paragraph 1, part (f) of the GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

The collection of data for the provision of our website and the storage of data in log files is crucial to operation of the website. Hence, users are not granted a right to object.

3. Contact

If you contact us by e-mail, mail, or telephone, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

These data are processed on the basis of Article 6, paragraph 1, part (b) of the GDPR, if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us acccording to Article 6, paragraph 1, part (f) of the GDPR or on the basis of your consent (Article 6, paragraph 1, part (a) GDPR) if it has been obtained; the consent can be revoked at any time.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

4. Newsletter

If you register on the newsletter mailing list, your email address, the date and time of registration will be stored by us on a server. The data is processed on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. We use this data exclusively for sending the newsletter and for statistical evaluations to analyse system performance. We do not pass on your data to third parties and do not use it for any other purposes of our own.

The registration system with an additional confirmation message containing a link for final registration (double opt-in) ensures that you explicitly wish to receive the newsletter.

When you register, your data is stored on our server and a confirmation message with a link to the final registration is generated and sent to the e-mail address you have provided. Only when you confirm the link in the e-mail will your data for sending the newsletter be stored for the duration of your use of our newsletter service.

If you no longer agree to the storage of your data for this purpose and therefore no longer wish to use our service, you can unsubscribe from our newsletter at any time. The data you have provided will be deleted. To do this, you will need the e-mail address you provided when you registered.

VI. Use of Matomo

1. Scope of the processing of personal data

We use the open source software tool Matomo on our website to analyse the surfing behaviour of our users. If individual pages of our website are called up, the following data is stored:

  1. Two bytes of the IP address of the calling system of the user
  2. The website called up
  3. The website from which the user reached the accessed website (referrer)
  4. The subpages accessed from the accessed website
  5. The length of time spent on the website
  6. The frequency with which the website is accessed

The software is set so that the IP addresses are not stored in full, but 2 bytes of the IP address are masked (example: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer, so that you remain anonymous as a user.

2. Legal basis for the processing of personal data

The legal basis for the processing of users’ personal data is Article 6, paragraph 1, part (f) of the GDPR.

3. Purpose of the data processing

The processing of the users’ personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. Profiling does not take place. These purposes are also our legitimate interest in processing the data in accordance with Article 6, paragraph 1, part (f) of the GDPR. By masking the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.

4. Right to objection and removal

We offer users of our website an opt-out option for the analysis procedure. Users can consent to or rejcet tracking by clicking on the corresponding link. As a result, a cookie will be placed on the user’s system that tells our system to proceed accordingly.

Cookies are stored on the user’s computer and then sent to our page from this. This is why you have full control over the use of cookies as a user. You can deactivate or restrict the transfer of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can take place automatically. If cookies for our website are deactivated you may not be able to use all of the functions provided by the website.

Click the following link for more information about the privacy settings for the Matomo software: https://matomo.org/docs/privacy/ .

Hosting
We host Matomo exclusively on our own servers, so all analytics data remains with us and is not shared with third parties.

VII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller in accordance with the provisions set out below:

  1. In accordance with Art. 15 GDPR, you can request information about the personal dataprocessed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your personal data has been or will be disclosed, the planned storage period and the existence of the rights explained in this section 4 and 6.
  2. In accordance with Art. 16 GDPR, you can request the immediate correction of incorrect or incomplete personal data stored by us.
  3. In accordance with Art. 17 GDPR, you may request the deletion of your personal data stored by us, unless the processing is necessary for reasons specified by law, in particular to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exercise or even potential defence of legal claims.
  4. In accordance with Art. 18 GDPR, you may request the restriction of the processing of your personal data if you dispute its accuracy, if the processing is unlawful but you refuse to delete it and we no longer need the personal data, but you need it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing in accordance with Art. 21 GDPR.
  5. In accordance with Art. 20 GDPR, you may receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller.
  6. In accordance with Art. 7 para. 3 GDPR, you can revoke any consent you have given us under data protection law at any time. As a result, we may no longer continue the data processing that was based on this consent in the future.
  7. Right to object pursuant to Art. 21 GDPR
    If personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation, unless the processing is necessary for the performance of a task carried out in the public interest, Art. 21 para. 6 of the GDPR.
  8. In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, the supervisory authority of your usual place of residence or workplace or the registered office of the controller is available for this purpose.

To exercise these rights, please contact the office specified in Section I. or II.