Information about Data Protection

DLR takes the protection of personal data very seriously. We want you to know when we store data, which types of data are stored and how it is used. As an incorporated entity under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG). We have taken technical and organisational measures to ensure our compliance and the compliance of external service providers with the data protection regulation.

This website uses SSL – that is, TLS encryption – in order to protect the transfer of personal data and other confidential information (for example, orders or enquiries sent to the controller). A connection is encrypted if you see the character sequence ‘https://’ and the padlock icon in your browser’s address bar.

I. Name and address of the controller

The controller in the meaning of the General Data Protection Regulation, other national data protection laws in the Member States and related data protection regulations is:

Deutsches Zentrum für Luft- und Raumfahrt e. V. (DLR)
Linder Höhe
51147 Cologne

Telephone: +49 2203 601-0
Email: datenschutz@dlr.de
WWW: https://www.dlr.de

II. Name and address of the data protection officer

The controller’s appointed data protection officer is:

Uwe Gorschütz, Deutsches Zentrum für Luft- und Raumfahrt e. V., Linder Höhe, 51147 Cologne
Email: datenschutz@dlr.de

III. Definition of terms

Among others, we use the following terms in this Privacy Policy, set out in the General Data Protection Regulation and the Federal Data Protection Act:

1. Personal data

Personal data refers to any information relating to an identified or identifiable natural person (hereinafter: ‘data subject’). An identifiable natural person is one who can be identified – directly or indirectly – in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

3. Processing

Processing is any operation or set of operations performed on personal data or on sets of personal data – whether or not by automated means – such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7. Controller or data processing controller

Controller or data processing controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8. Processor

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

9. Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

10. Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11.Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

IV. General information on data processing

1. Scope of processing of personal data

We process personal data concerning our users exclusively to the extent required to provide a functioning website, as well as our content and services. Ordinarily, we will only process the personal data of our users after obtaining their consent. An exception to this rule is where obtaining prior consent is factually impossible and the processing of the data is permitted by law.

2. Legal grounds for the processing of personal data

Where we obtain consent from the data subject for the processing of personal data, the legal grounds are set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).

Where personal data is processed for the performance of a contract in which the data subject is a contractual partner, the legal grounds are set out in Art. 6, paragraph 1, part (b) of the GDPR. This also applies to processing that is necessary for pre-contractual measures.

Where personal data is processed for compliance with a legal obligation to which our research centre is subject, the legal grounds are set out in Art. 6, paragraph 1, part (c) of the GDPR.

Where processing of personal data is necessary for the protection of vital interests of the data subject or another natural person, the legal grounds are set out in Art. 6, paragraph 1, part (d) of the GDPR.

Where processing is necessary for the legitimate interests of our research centre or a third party, and where the fundamental rights and freedoms of the data subject do not override the first interests, the legal grounds are set out in Art. 6, paragraph 1, part (f) of the GDPR.

3. Data deletion and duration of data storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, storage takes place if authorised by Union or Member State directives, laws or other regulations to which the controller is subject. Blocking or deletion of the data shall also take place when a storage period stipulated by one of the above standards comes to an end, except where it is necessary to continue storing the data to enter into or perform a contract.

V. Provision of the website and generation of log files

a) Description and scope of data processing

Our system automatically collects data and information from the accessing computer system each time our website is visited.

The following data is collected in this context:
1.Information about the browser type and version
2.The user’s operating system
3.The user’s Internet Service Provider
4.The user’s IP address
5.The date and time of access
6.Referrer website(s)
7.Websites accessed by the user from our website

The data is also stored in log files kept on our system. This data is not stored together with other personal data concerning the user.

b) Legal grounds for data processing

The legal grounds for temporary storage of the data and log files are set out in Art. 6, paragraph 1, part (f) of the EU General Data Protection Regulation (GDPR).

c) Purpose of data processing

Temporary storage of the IP address by our system is necessary to deliver the website to the computer of the user. For this purpose, the user’s IP address must be stored for the duration of the session.

Storage in log files takes place to ensure functionality of the website. In addition, the data is used to optimise the website and to ensure security of our Information Technology systems. Data analysis for marketing purposes does not take place in this context.

The DLR website collects a variety of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in server log files. The data and information collected include the (1) browser types and versions; (2) the operating system used by the accessing system; (3) the website from which the accessing system arrives on our website (the referrer); (4) the sub-pages visited by the accessing system; (5) the date and time of accessing our website; (6) an Internet Protocol address (IP address); (7) the Internet service provider of the accessing system and (8) other similar data and information that is used to protect against risks in the case of attacks on our Information Technology systems.

DLR does not draw any conclusions about the identity of the data subject during use of this general data and information. Instead, this information is necessary to (1) deliver the contents of our website in their correct form; to (2) optimise the contents of our website and promote it; to (3) guarantee the permanent functionality of our information technology systems and equipment used for our website; and to (4) provide the information necessary for law enforcement organisations to investigate cyber-attacks. This anonymous data and information is analysed by DLR, firstly for statistical purposes, and secondly with the objective of increasing data protection and data security at our research centre, and hence to achieve an optimum level of protection for the personal data processed by us. The anonymous data contained in the server log files is stored separately from all other personal data concerning the data subject.

These purposes justify our legitimate interests in data processing according to Art. 6, paragraph 1, part (f) of the GDPR.

d) Duration of storage

The data is deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of data collection for the provision of this website, this applies at the end of each session.

In the case of data stored in log files, this occurs after no longer than seven days. Further storage is possible; in these cases, the users’ IP addresses are deleted or pseudonymised to prevent any association with the accessing client.

e) Right to objection and removal

The collection of data for the provision of our website and the storage of data in log files is crucial to operation of the website. Hence, users are not granted a right to object.

VI. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files placed on the user’s computer system by a browser and stored there.

Numerous websites and servers use cookies. Many cookies contain what is referred to as a cookie ID. A cookie ID is a unique cookie identifier. It consists of a sequence of characters with which Internet pages and servers can be assigned to the Internet browser in which the cookie was stored. This enables visited Internet pages and servers to distinguish the data subject’s individual browser from other Internet browsers containing different cookies. The unique cookie ID is used to recognise and identify a particular Internet browser.

The use of cookies allows DLR to provide visitors to this website more user-friendly services than would be possible without cookies.

We use technically necessary cookies to improve our website’s user friendliness. Some elements on our website make it necessary to recognise the accessing browser when moving from page to page. Cookies can be used to optimise the information and services on our website in the interests of our users. As stated above, cookies allow us to recognise visitors to our website. The purpose of this recognition is to facilitate use of our website by visitors. For instance, visitors to a website that uses cookies do not need to enter login details during each visit, as this information is obtained by the website from the cookie placed on the user’s computer system.

In addition, our website uses cookies to analyse Internet usage by visitors.

The following data can be transferred in this way:
•Search terms entered
•Frequency of page access
•Usage of website functions

Technical measures are implemented to pseudonymise the data collected from users in this way. It is therefore not possible to associate the data with the accessing user. The data is not stored together with other personal data concerning the user.

An information banner referring users to the use of cookies for analysis purposes is shown when they access our website, and reference to this Privacy Notice is provided. Users are also informed of how to adjust their browser settings in order to prevent the storage of cookies.

Users are informed of our use of cookies for analysis purposes when accessing our website, and their consent to the processing of personal data used in this context is obtained. A reference to this Privacy Notice is provided as well.

Section IX contains a detailed description of data processing in connection with the web analysis tools that we use.

b) Legal basis for data processing

i. The legal grounds for the processing of personal data using technically necessary cookies are set out in Art. 6, paragraph 1, part (f) of the EU General Data Protection Regulation (GDPR).
ii. The legal grounds for the processing of personal data using cookies for analysis purposes with consent of the user are set out in Art. 6, paragraph 1, part (a) of the GDPR.

c) Purpose of data processing

Technically necessary cookies are used to make our website user friendly. Some functions on our website cannot be provided without the use of cookies, as they require that the browser is recognised when moving from page to page.

The user data collected with technically necessary cookies is not used to produce user profiles.

On the use of cookies that are not necessary for technical reasons:

Analysis cookies are used to improve the quality of our website and its contents. Through the use of analysis cookies, we find out how the website is used and are therefore able to optimise our service continuously. A more precise description is contained under Section IX of this document.

These purposes represent our legitimate interest in processing personal data according to Art. 6, paragraph 1, part (f) of the GDPR.

e) Duration of storage; right to objection and removal

The data subject can adjust the settings of the Internet browser at any time to prevent our website from placing cookies as described, and therefore block cookies on a permanent basis. In addition, the browser or other software programs can be used to delete cookies that have already been placed at any time. This is possible with all standard Internet browsers. The data subject may not be able to use the full functionality of our website if cookies are disabled in the active Internet browser.

You can change the settings of your Internet browser to disable or restrict the transfer of cookies at any time. Cookies that have already been placed on your computer can be deleted at any time. This can take place automatically. Disabling cookies may prevent you from using the full functionality of our website.

VII. Newsletter

a) Description and scope of data processing

Visitors to our website have the option of subscribing to a free newsletter. The data entered in the input screen while registering for the newsletter is transmitted to us.

The form requests the subscriber’s name and email address:
•First name
•Last name
•Email address
•Publication / organisation (when registering for the press newletter)

The following data are also collected during registration and stored in the database:
•Newsletter ID
•Newsletter Format: Text
•Subscription Status (Subscribed, Activated, Unsubscribed)
•Subscription Date, Activation Date, Unsubscription Date

Your consent to the processing of data is obtained during the registration process, and you are referred to this Privacy Notice.

No data is transferred to third parties in connection with data processing for delivery of the newsletter. The data is used exclusively to deliver the newsletter.

b) Legal basis for data processing

The newsletter is delivered based on registration by the user on our website. The legal basis for processing of the data after registration for the newsletter is, upon receipt of consent by the user, set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).

c) Purpose of data processing

The user’s email address is collected in order to deliver the newsletter.

d) Duration of storage

The data is deleted as soon as it is no longer needed for the purpose for which it was collected. Therefore, the user’s email address and first and family names will be stored for as long as the newsletter subscription remains active.

e) Right to objection and removal

The data subject can unsubscribe to the newsletter at any time. Each newsletter includes a suitable link.

VIII. Contact form and email contact

a) Description and scope of data processing

Our website includes a contact form that can be used to make contact with us by electronic means. Where a data subject uses this option, the data entered in the input screen will be transferred to us and stored. This applies to the following data:
•First name
•Family name
•Email address

The following data is stored additionally when sending a message:
•IP address of the user
•Date and time of registration

Your consent for data processing will be obtained, and you will be referred to this Privacy Notice during the sending process.

Alternatively, it is possible to contact us using the email address provided. The personal data of the user transferred with the email will be stored in this case.

The data is not transferred to third parties in this context. The data is used exclusively for processing the correspondence.

b) Legal basis for data processing

The legal basis for processing of the data in the event that consent has been received from the user is set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).

The legal basis for processing of the data sent to us by email is set out in Art. 6, paragraph 1, part (f) of the GDPR. Where email contact is established with the intention of entering into a contract, additional legal bases for the processing are set out in Art. 6, paragraph 1, part (b) of the GDPR.

c) Purpose of data processing

We use the personal data you provide in the contact form exclusively to process your enquiry. In the case of contact by email, this represents our necessary, legitimate interest in data processing.

Any other personal data that is processed when you send us the contact form is used to prevent abuse of the contact form and to protect the security of our Information Technology systems.

d) Duration of storage

The data is deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data entered in the input screen of the contact form and personal data sent to us by email, this is the case when correspondence with the user has come to an end. A conversation has come to an end when the circumstances indicate that the relevant matter has been dealt with definitively.

Any additional personal data collected during the sending process will be deleted after a maximum of seven days.

e) Right to objection and removal

The user is entitled to revoke their consent to the processing of personal data at any time. The user may object to the processing of personal data at any time by contacting datenschutz@dlr.de. Correspondence will be discontinued in these cases.

All personal data stored in connection with contacting us will be deleted in this case.

IX. Web analysis with Matomo (formerly known as PIWIK)

1. Scope of the processing of personal data

We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the browsing behaviour of our users. The software places a cookie on the user’s computer (see above for more details of cookies). The following data will be saved if individual pages are visited on our website:
1.Two bytes of the IP address of the user’s accessing system
2.The accessed website
3.The website from which the user reached the accessed website (referrer)
4.The sub-pages accessed from the website
5.How long the user remained on the website
6.How often the website was accessed

The software hereby runs exclusively on the servers for our website. The user’s personal data is only stored there. This data will not be forwarded to third parties.

2. Legal basis for the processing of personal data

The legal basis for processing the user’s personal data is point (f) of Art. 6 (1) of the GDPR.

3. Purpose of data processing

Processing the user’s personal data allows us to analyse the browsing behaviour of our users. By analysing the collected data we are able to compile information about how individual components of our website are being used. This helps us to constantly improve our website and its usability. Profiling does not take place. These purposes justify our legitimate interests in processing data pursuant to point (f) Art. 6 (1) of the GDPR. The anonymisation of the IP address takes due account of the user’s interest in the protection of their personal data.

4. Duration of storage

The software has been configured so that the IP addresses are not stored completely. Two bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, the shortened IP address can no longer be assigned to the accessing computer.

5. Right to objection and removal (opt-out option)

Cookies are stored on the user’s computer and transmitted to our page from there. This is why as a user you have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings of your Internet browser. Cookies that have already been saved can be deleted at any time. This can take place automatically. If cookies for our website are deactivated you may not be able to use all of the functions provided by the website.

We offer users of our website an opt-out option for the analysis procedure. To opt out, follow the link and deactivate the web analysis. As a result, a further cookie will be placed on your system that tells our system not to save the user’s data. If the user temporarily deletes the corresponding cookie from their own system, they have to reset the opt-out cookie.

Click the following link for more information about the privacy settings for the Matomo software: https://matomo.org/docs/privacy/.

X. Use of YouTube

The controller has integrated components of YouTube on this website. YouTube is an Internet video portal that enables video publishers to upload video clips free of charge and that permits other users to view, rate and comment on these videos, also free of charge. YouTube allows the dissemination of all kinds of videos, so that full movies and TV programmes, as well as music videos, trailers and videos produced by users, are accessible on the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

With each visit to one of the individual pages of this Website that are operated by the controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the Information Technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component.

The embedding code for YouTube videos was generated in advanced data privacy mode (for more detailed information in this regard, visit https://support.google.com/youtube/answer/171780).

Further information about YouTube is available at https://www.youtube.com/intl/en/yt/about/. During the course of this technical procedure, YouTube and Google acquire knowledge of the specific sub-page of our website that was visited by the data subject.

If the data subject is simultaneously logged into YouTube, YouTube recognises – with each visit to a sub-page that contains a YouTube video – which specific sub-page of our website the data subject visited. This information is collected by YouTube and Google and associated with the YouTube account of the data subject.

YouTube and Google will receive information through the YouTube component that the data subject has visited our website if the data subject is simultaneously logged into YouTube when visiting our website; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of information to YouTube and Google is not desirable for the data subject, then he or she can prevent this by logging off from their YouTube account before visiting our website.

YouTube’s privacy policy, which is available at https://policies.google.com/privacy, provides information on the collection, processing and use of personal data by YouTube and Google.

The data subject has granted consent for this form of data processing by confirming the use of cookies upon first access of the DLR website. The legal basis for processing of the data after consent by the user is set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).

XI. Use of Twitter

The controller has integrated Twitter components on this website. The Twitter plug-ins (tweet button) are identified by the Twitter logo (blue bird) on our website. For an overview of tweet buttons, click here: https://about.twitter.com/resources/buttons.

Twitter is a multilingual, publicly accessible microblogging service on which users can publish and disseminate so-called tweets, which are short messages of no more than 280 characters. These short messages are accessible to everyone, so also to persons not registered with Twitter. The tweets are also shown to the user’s Twitter ‘followers’. Followers are other Twitter users that have subscribed to the tweets by a certain user. In addition, Twitter enables the addition of hashtags, links or retweets to address a broad audience.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

When you visit a page on our website containing this kind of plug-in, a direct connection is established between your browser and the Twitter server. Twitter therefore receives information that you visited our page with your IP address. If you click on the Twitter ‘tweet button’ while logged into your Twitter account, you can link the content of our page to your Twitter profile. Twitter is therefore able to associate your Twitter account with your visit to our pages. We would like to point out that, as the provider of the pages, we are not aware of the content of the data transmitted or how Twitter uses it.

Please log out of your Twitter user account if you do not want Twitter to associate your visit to our website with your account.

With each visit to one of the individual pages on this website that are operated by the controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the information technology system of the data subject will be automatically prompted by the respective Twitter component to download a displayable Twitter component from Twitter. For further information on the Twitter buttons, visit https://publish.twitter.com/. In the course of this technical procedure, Twitter becomes aware of which sub-page of the website the data subject has visited. The purpose of integrating the Twitter component is to enable our users to disseminate the content of the web page, to publicise the web page in the digital world and to increase our visitor numbers.

Where the data subject is simultaneously logged onto Twitter, Twitter will recognise (for the duration of the visit to our website) each individual sub-page that the data subject visits while accessing our website. This information is collected by the Twitter component and associated with the Twitter account of the data subject. Where the data subject clicks on one of the twitter buttons integrated on our website, the data and information transmitted in this way will be associated with the Twitter user account of the data subject and will be stored and processed by Twitter.

The Twitter component will also inform Twitter if the data subject has visited our website, while simultaneously logged into their Twitter account; this takes place regardless of whether or not the data subject clicks on the Twitter component. If such a transmission of information to Twitter is not desirable for the data subject, then he or she can prevent this by logging off from their Twitter account before visiting our website.

The applicable Twitter privacy policies can be accessed at: https://twitter.com/privacy.

The data subject has granted consent for this form of data processing by confirming the use of cookies upon first access of the DLR website. The legal grounds for processing of the data after consent by the user are set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).

XII. Use of Instagram

The controller has integrated components of the service Instagram on this website. Instagram is a service that is classified as an audiovisual platform, which allows users to share photos and videos, as well as disseminate this data on other social networks.

The operating company of the services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

With each visit to one of the individual pages on this website that are operated by the controller and on which an Instagram component (Instagram button) has been integrated, the Internet browser on the Information Technology system of the data subject is automatically prompted to download a displayable Instagram component. During the course of this technical procedure, Instagram becomes aware of what specific sub-page of our website was visited by the data subject.

Where the data subject is simultaneously logged onto Instagram, Instagram will recognise for the duration of the visit to our website each individual sub-page that the data subject visits while accessing our website. This information is collected through the Instagram component and is associated with the Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, then Instagram associates this information with the personal Instagram user account of the data subject and stores the personal data.

Instagram receives information via the Instagram component that the data subject has visited our website if the data subject is logged in at Instagram at the time of visiting our website. This occurs regardless of whether or not the person clicks on the Instagram button. If such a transmission of information to Instagram is not desirable for the data subject, then he or she can prevent this by logging off from their Instagram account before visiting our website.

For more information about the applicable Instagram privacy policies, visit https://www.instagram.com/about/legal/privacy/.

The data subject has granted consent for this form of data processing by confirming the use of cookies upon first access of the DLR website. The legal grounds for processing of the data after consent by the user are set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).

XIII. Use of the Vimeo

We present videos on our website using services such as those provided by Vimeo. Vimeo is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011, USA.

We use Vimeo plugins on some of our webpages. When you visit a page that contains such plugins – for example, our Media Library – a connection is established with the Vimeo servers and the plugin is shown. This provides the Vimeo server with information about the pages you have visited on our website. If you are logged onto Vimeo as a member, then Vimeo will automatically associate this information with your personal user account. When you activate the plugin (for example, by clicking the start button of a video), the corresponding information is also associated with to your user account. You can prevent the automatic association of this information by logging out of your Vimeo account and deleting its cookies before logging onto our website.

For more information about data processing and Vimeo’s privacy policies, visit https://vimeo.com/privacy

The data subject has granted consent for this form of data processing by confirming the use of cookies upon first access of the DLR website. The legal grounds for processing of the data after consent by the user are set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).

XIV. Use of Facebook

The controller has integrated components of the enterprise Facebook on this website. Facebook is a social network.

A social network is a place for social meetings on the Internet – an online community – which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to create private profiles, upload photos and network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each visit to one of the individual pages of this website that are operated by the controller and into which a Facebook component (Facebook plug-in) has been integrated, the web browser on the Information Technology system of the data subject is automatically prompted to download a displayable Facebook device from Facebook through the Facebook component. An overview of all the Facebook plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-pages of our website were visited by the data subject.

If the data subject is logged into their Facebook account, Facebook detects, with every visit to our website by the data subject – and for the entire duration of their stay on our website – which specific sub-pages of our Internet site were visited by the data subject. This information is collected through the Facebook device and associated with the Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated in our website (for example, the ‘Like’ button), or if the data subject submits a comment, then Facebook associates this information with the personal Facebook user account of the data subject and stores some personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject whenever the data subject is logged in to Facebook during their visit to our website. This occurs regardless of whether or not the data subject clicks on the Facebook component. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before visiting our website.

The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. In addition, a variety of applications are available that enable the prevention of data transfer to Facebook. These applications may be used by the data subject to prevent data transmission to Facebook.

The data subject has granted consent for this form of data processing by confirming the use of cookies upon first access of the DLR website. The legal basis for processing of the data after consent by the user is set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).

XV. Use of Google+

The controller has integrated the Google+ button as a component on this website. Google+ is a social network. A social network is a social meeting place on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Google+ allows users of the social network to create private profiles, upload photos and network through friend requests.

The operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

With each visit to one of the individual pages of this website that are operated by the controller and on which a Google+ button has been installed, the Internet browser on the Information Technology system of the data subject automatically downloads a displayable version of the Google+ button of Google through the Google+ button component. During the course of this technical procedure, Google is made aware of what specific sub-page of our website was visited by the data subject. More detailed information about Google+ is available under https://developers.google.com/+/.

If the data subject is logged in to Google+, Google recognises with each visit to our website by the data subject and for the entire duration of his or her stay on our website, which specific sub-pages of our website were visited by the data subject. This information is collected through the Google+ button and Google associates this with the Google+ account of with the data subject.

If the data subject clicks on the Google+ button integrated on our website and thus gives a Google+ recommendation, then Google associates this information with the personal Google+ user account of the data subject and stores some personal data. Google stores the Google+ recommendation of the data subject, making it publicly available in accordance with the terms and conditions accepted by the data subject in this regard. Subsequently, a Google+ recommendation given by the data subject on this website together with other personal data, such as the Google+ account name used by the data subject and the stored photo, is stored and processed on other Google services, such as search engine results of the Google search engine, the Google account of the data subject or in other places – for example, on Internet pages or in relation to advertisements. Google is also able to link the visit to this website with other personal data stored by Google. Google further records this personal information with the purpose of improving or optimising the various Google services.

Through the Google+ button, Google receives information that the data subject visited our website, if the data subject is logged in to Google+ at the time of their visit to our website. This occurs regardless of whether or not the data subject clicks on the Google+ button.

If the data subject does not wish to transmit personal data to Google, he or she may prevent such transmission by logging out of his Google+ account before visiting our website.

For further information and the data protection provisions of Google, visit https://www.google.de/intl/en/policies/privacy/. More references from Google about the Google+ button may be obtained under https://developers.google.com/+/web/buttons-policy.

The data subject has granted consent for this form of data processing by confirming the use of cookies upon first access of the DLR website. The legal basis for processing of the data after consent by the user is set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).

XVI. Use of SoundCloud

Plugins of the social network SoundCloud (c/o JAG Shaw Baker, Berners House, 47-48 Berners Street, London W1T 3NF, UK) may be integrated on our pages. You can recognise the SoundCloud plug-ins by the SoundCloud logo on the relevant pages.

When you visit our pages, a direct connection is established between your browser and the SoundCloud server after activating the plugin. SoundCloud receives the information that you have visited our site together with your IP address.

If you click the ‘Like’ or ‘Share’ button while logged into your SoundCloud account, you can link and/or share the content of our pages with your SoundCloud profile. This allows SoundCloud to associate your account with your visit to our site. We would like to point out that, as the provider of the pages, we are not aware of the content of the data transmitted or how SoundCloud uses it. For more information, please see SoundCloud’s privacy policy at: https://soundcloud.com/pages/privacy

If you do not want SoundCloud to associate your visit to our pages with your SoundCloud account, please log out of your SoundCloud account before activating any SoundCloud plugin content.

XVII. Rights of the data subject

Where personal data concerning you is processed, you are the data subject as defined in the EU General Data Protection Regulation (GDPR) and you have the following rights with respect to the controller:

a) Right to information

You have the right to obtain from the controller confirmation of whether personal data concerning you is processed by us.

Where such processing takes place, you have the right to obtain the following information from the controller:
•the purposes for which the personal data is processed;
•the categories of personal data that is processed;
•the recipients, or categories of recipients to whom the personal data relating to you has been or will be disclosed;
•the planned duration of storage of the personal data concerning you, or the criteria applied to defining the duration of storage if precise information in this regard is not available;
•the existence of a right to correction or deletion of the personal data concerning you, the right to restrict processing by the controller or the right to object to this processing;
•the right to lodge a complaint with a supervisory authority;
•all information available concerning the origins of the data if the personal data was not collected from the data subject;
•the existence of an automated decision-making process, including profiling, according to Art. 22 paragraphs 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic and implications involved, as well as on the intended effects of this kind of processing on the data subject;
•You also have the right to obtain information on whether the personal data concerning you has or will be transferred to a third country or to an international organisation. In this regard, you are entitled to request information on the appropriate guarantees in place with regard to this processing in accordance with Art. 46 of the GDPR.

The controller will provide a copy of the personal data that is subject to processing. Where you request additional copies, the controller is entitled to charge an appropriate fee based on administrative costs. If you place the application by electronic means, the information will be made available in a standard electronic format, except where otherwise specified by you. The right to receive a copy in accordance with paragraph 3 of this section must not adversely affect the rights and freedoms of other persons.

b) Right to correction

As a data subject, you have the right to request from the controller the correction of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

c) Right to limit processing

You have the right to request from the controller restriction of processing of personal data concerning you under the following conditions:
•where the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
•the processing is unlawful and you oppose the deletion of the personal data, and instead request the restriction of its use;
•the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
•if you have objected to processing pursuant to Art. 21, paragraph 1, of the GDPR, pending the verification of whether the legitimate reasons of the controller override your reasons.

Where processing of the personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Where you have obtained restriction of processing under the conditions set out above, you will be informed by the controller before the restriction of processing is lifted.

d) Right to deletion

Obligation to delete

You have the right to request the controller to delete personal data concerning you without undue delay, and the controller will be obliged to delete personal data immediately where one of the following grounds applies:
•the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
•you withdraw consent on which the processing is based according to part (a) of Art. 6, paragraph 1, or part (a) of Art. 9, paragraph 2 of the GDPR, and there is no other legal basis for the processing;
•you object to the processing pursuant to Art. 21, paragraph 1 of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21, paragraph 2 of the GDPR;
•the personal data concerning you has been unlawfully processed;
•the personal data has to be deleted to comply with a legal obligation under a Union or Member State law to which the controller is subject;
•The personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8, paragraph 1 of the GDPR.
Information to third parties

Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17, paragraph 1 of the GDPR to delete the personal data, the controller, taking account of available technology and the cost of implementation, is required to take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested to be deleted by such controllers, as well as any links to, copies or replications of such personal data.

Exceptions

The right to deletion does not apply to the extent that processing is necessary:
•for exercising the right of freedom of expression and information;
•for compliance with a legal obligation under Union or Member State law to which the controller is subject or for the performance of tasks carried out in the public interest or in the exercise of official authority vested in the controller;
•for reasons of public interest in the area of public health in accordance with parts (h) and (i) of Art. 9, paragraph 2 and Art. 9, paragraph 3 of the GDPR;
•for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Art. 89, paragraph 1 of the GDPR, insofar as the rights referred to in section (a) are likely to render impossible or seriously impair the achievement of the objectives of that processing; or
•for the establishment, exercise or defence of legal claims.

e) Right to notification

Where you have exercised the right to correction, deletion or restriction of processing with the data controller, the data controller shall be obliged to notify all recipients to whom the personal data concerning you was disclosed of this correction or deletion of data or of the restriction of processing, except where compliance proves to be impossible or is associated with a disproportionate effort.

In addition, you are entitled to require that the data controller inform you about these recipients.

f) Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to transfer that data to another controller without hindrance from the controller to which the personal data have been provided, where:
•the processing is based on consent pursuant to part (a) of Article 6, paragraph 1 or part (a) of Article 9, paragraph 2 of the GDPR or in a contract pursuant to part (b) of Art. 6, paragraph 1 of the GDPR; and
•the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of other persons.

The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g) Right to object

You have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on parts (e) or (f) of Art. 6, paragraph 1 of the GDPR; this includes profiling based on those provisions.

The controller shall no longer process the personal data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object, at any time, to the processing of personal data concerning you for the purpose of such marketing. This applies also to profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding directive 2002/58/EC, you may exercise your right to object by automated means that use technical specifications.

Where personal data is processed for scientific or historical research purposes or for statistical purposes pursuant to Art. 89, paragraph 1 of the GDPR, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, except where the processing is necessary for the performance of a task carried out for reasons of public interest.

Should you wish to exercise your right to withdraw consent or to object, please send an email to datenschutz@dlr.de.

h) Right to withdraw consent pursuant to Art. 7, paragraph 3 of the GDPR

You have the right to withdraw your consent to the processing of data at any time, with future effect. In the event that you withdraw consent, we will delete the data concerned immediately, except where processing can be based on legal grounds that do not require consent. The withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal of consent.

i) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for you or similarly significantly affects you.

This does not apply if the decision:
•is necessary for entering into, or performance of, a contract between you and the data controller;
•is authorised by Union or Member State law to which the controller is subject and which also contains suitable measures to safeguard your rights, freedoms and legitimate interests; or
•is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Art 9, paragraph 1 of the GDPR, unless parts (a) or (g) of Art. 9, paragraph 2 of the GDPR applies and suitable measures to safeguard your rights, freedoms and legitimate interests are in place.

In the cases referred to in parts (1) and (3), the data controller is required to implement suitable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.

j) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your normal residence, you place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged is required to inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78.