{"id":530,"date":"2019-03-15T12:12:23","date_gmt":"2019-03-15T11:12:23","guid":{"rendered":"http:\/\/dlr.storms-media.de\/?page_id=530"},"modified":"2019-03-15T12:53:46","modified_gmt":"2019-03-15T11:53:46","slug":"data-protection","status":"publish","type":"page","link":"https:\/\/mil.robotic.dlr.de\/data-protection\/","title":{"rendered":"Data Protection"},"content":{"rendered":"\r\n
\r\n\t\r\n\t\r\n\t
\r\n\t\t
\n\t\r\n
\r\n\r\n\t\r\n\t
\r\n\t\t\r\n
\r\n\t

Privacy Policy<\/b><\/span><\/span><\/span><\/p>

Information about Data Protection<\/b><\/span><\/span><\/span><\/p>

DLR takes the protection of personal data very seriously. We want you to know when we store data, which types of data are stored and how it is used. As an incorporated entity under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (<\/span><\/span><\/span>GDPR<\/u><\/span><\/span><\/span><\/a>), the <\/span><\/span><\/span>Federal Data Protection Act (BDSG)<\/u><\/span><\/span><\/span><\/a> and the <\/span><\/span><\/span>Telemedia Act (TMG)<\/u><\/span><\/span><\/span><\/a>. We have taken technical and organisational measures to ensure our compliance and the compliance of external service providers with the data protection regulation.<\/span><\/span><\/span><\/p>

This website uses SSL \u2013 that is, TLS encryption \u2013 in order to protect the transfer of personal data and other confidential information (for example, orders or enquiries sent to the controller).<\/span><\/span><\/span><\/p>

Name and address of the controller<\/b><\/span><\/span><\/span><\/p>

The controller in the meaning of the General Data Protection Regulation, other national data protection laws in the Member States and related data protection regulations is:<\/span><\/span><\/span><\/p>

Deutsches Zentrum f\u00fcr Luft- und Raumfahrt e. V. (DLR)
Linder H\u00f6he
51147 Cologne<\/span><\/span><\/p>

Telephone: +49 2203 601-0
Email: <\/span><\/span><\/span>datenschutz@dlr.de<\/u><\/span><\/span><\/span><\/a>
WWW: <\/span><\/span><\/span>https:\/\/www.dlr.de<\/u><\/span><\/span><\/span><\/a><\/p>

Name and address of the data protection officer<\/b><\/span><\/span><\/span><\/p>

The controller\u2019s appointed data protection officer is:<\/span><\/span><\/span><\/p>

Uwe Gorsch\u00fctz, Deutsches Zentrum f\u00fcr Luft- und Raumfahrt e. V., Linder H\u00f6he, 51147 Cologne
Email: <\/span><\/span>datenschutz@dlr.de<\/u><\/span><\/span><\/a><\/p>

Definition of terms<\/b><\/span><\/span><\/span><\/p>

Among others, we use the following terms in this Privacy Policy, set out in the General Data Protection Regulation and the Federal Data Protection Act:<\/span><\/span><\/span><\/p>

1. Personal data<\/span><\/span><\/span><\/p>

Personal data refers to any information relating to an identified or identifiable natural person (hereinafter: \u2018data subject\u2019). An identifiable natural person is one who can be identified \u2013 directly or indirectly \u2013 in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.<\/span><\/span><\/span><\/p>

2. Data subject<\/span><\/span><\/span><\/p>

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.<\/span><\/span><\/span><\/p>

3. Processing<\/span><\/span><\/span><\/p>

Processing is any operation or set of operations performed on personal data or on sets of personal data \u2013 whether or not by automated means \u2013 such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.<\/span><\/span><\/span><\/p>

4. Restriction of processing<\/span><\/span><\/span><\/p>

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.<\/span><\/span><\/span><\/p>

5. Profiling<\/span><\/span><\/span><\/p>

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person\u2019s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.<\/span><\/span><\/span><\/p>

6. Pseudonymisation<\/span><\/span><\/span><\/p>

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.<\/span><\/span><\/span><\/p>

7. Controller or data processing controller<\/span><\/span><\/span><\/p>

Controller or data processing controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.<\/span><\/span><\/span><\/p>

8. Processor<\/span><\/span><\/span><\/p>

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.<\/span><\/span><\/span><\/p>

9. Recipient<\/span><\/span><\/span><\/p>

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.<\/span><\/span><\/span><\/p>

10. Third party<\/span><\/span><\/span><\/p>

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.<\/span><\/span><\/span><\/p>

11.Consent<\/span><\/span><\/span><\/p>

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject\u2019s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.<\/span><\/span><\/span><\/p>

General information on data processing<\/b><\/span><\/span><\/span><\/p>

1. Scope of processing of personal data<\/span><\/span><\/span><\/p>

We process personal data concerning our users exclusively to the extent required to provide a functioning website, as well as our content and services. Ordinarily, we will only process the personal data of our users after obtaining their consent. An exception to this rule is where obtaining prior consent is factually impossible and the processing of the data is permitted by law.<\/span><\/span><\/span><\/p>

2. Legal grounds for the processing of personal data<\/span><\/span><\/span><\/p>

Where we obtain consent from the data subject for the processing of personal data, the legal grounds are set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).<\/span><\/span><\/span><\/p>

Where personal data is processed for the performance of a contract in which the data subject is a contractual partner, the legal grounds are set out in Art. 6, paragraph 1, part (b) of the GDPR. This also applies to processing that is necessary for pre-contractual measures.<\/span><\/span><\/span><\/p>

Where personal data is processed for compliance with a legal obligation to which our research centre is subject, the legal grounds are set out in Art. 6, paragraph 1, part (c) of the GDPR.<\/span><\/span><\/span><\/p>

Where processing of personal data is necessary for the protection of vital interests of the data subject or another natural person, the legal grounds are set out in Art. 6, paragraph 1, part (d) of the GDPR.<\/span><\/span><\/span><\/p>

Where processing is necessary for the legitimate interests of our research centre or a third party, and where the fundamental rights and freedoms of the data subject do not override the first interests, the legal grounds are set out in Art. 6, paragraph 1, part (f) of the GDPR.<\/span><\/span><\/span><\/p>

3. Data deletion and duration of data storage<\/span><\/span><\/span><\/p>

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, storage takes place if authorised by Union or Member State directives, laws or other regulations to which the controller is subject. Blocking or deletion of the data shall also take place when a storage period stipulated by one of the above standards comes to an end, except where it is necessary to continue storing the data to enter into or perform a contract.<\/span><\/span><\/span><\/p>

Provision of the website and generation of log files<\/b><\/span><\/span><\/span><\/p>

a) Description and scope of data processing<\/span><\/span><\/span><\/p>

Our system automatically collects data and information from the accessing computer system each time our website is visited.<\/span><\/span><\/span><\/p>

The following data is collected in this context:<\/span><\/span><\/span><\/p>

  1. Information about the browser type and version<\/span><\/span><\/span><\/li>
  2. The user\u2019s operating system<\/span><\/span><\/span><\/li>
  3. The user\u2019s Internet Service Provider<\/span><\/span><\/span><\/li>
  4. The user\u2019s IP address<\/span><\/span><\/span><\/li>
  5. The date and time of access<\/span><\/span><\/span><\/li>
  6. Referrer website(s)<\/span><\/span><\/span><\/li>
  7. Websites accessed by the user from our website<\/span><\/span><\/span><\/li><\/ol>

    The data is also stored in log files kept on our system. This data is not stored together with other personal data concerning the user.<\/span><\/span><\/span><\/p>

    b)\u00a0Legal grounds for data processing<\/span><\/span><\/span><\/p>

    The legal grounds for temporary storage of the data and log files are set out in Art. 6, paragraph 1, part (f) of the EU General Data Protection Regulation (GDPR).<\/span><\/span><\/span><\/p>

    c)\u00a0Purpose of data processing<\/span><\/span><\/span><\/p>

    Temporary storage of the IP address by our system is necessary to deliver the website to the computer of the user. For this purpose, the user\u2019s IP address must be stored for the duration of the session.<\/span><\/span><\/span><\/p>

    Storage in log files takes place to ensure functionality of the website. In addition, the data is used to optimise the website and to ensure security of our Information Technology systems. Data analysis for marketing purposes does not take place in this context.<\/span><\/span><\/span><\/p>

    The DLR website collects a variety of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in server log files. The data and information collected include the (1) browser types and versions; (2) the operating system used by the accessing system; (3) the website from which the accessing system arrives on our website (the referrer); (4) the sub-pages visited by the accessing system; (5) the date and time of accessing our website; (6) an Internet Protocol address (IP address); (7) the Internet service provider of the accessing system and (8) other similar data and information that is used to protect against risks in the case of attacks on our Information Technology systems.<\/span><\/span><\/span><\/p>

    DLR does not draw any conclusions about the identity of the data subject during use of this general data and information. Instead, this information is necessary to (1) deliver the contents of our website in their correct form; to (2) optimise the contents of our website and promote it; to (3) guarantee the permanent functionality of our information technology systems and equipment used for our website; and to (4) provide the information necessary for law enforcement organisations to investigate cyber-attacks. This anonymous data and information is analysed by DLR, firstly for statistical purposes, and secondly with the objective of increasing data protection and data security at our research centre, and hence to achieve an optimum level of protection for the personal data processed by us. The anonymous data contained in the server log files is stored separately from all other personal data concerning the data subject.<\/span><\/span><\/span><\/p>

    These purposes justify our legitimate interests in data processing according to Art. 6, paragraph 1, part (f) of the GDPR.<\/span><\/span><\/span><\/p>

    d) Duration of storage<\/span><\/span><\/span><\/p>

    The data is deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of data collection for the provision of this website, this applies at the end of each session.<\/span><\/span><\/span><\/p>

    In the case of data stored in log files, this occurs after no longer than seven days. Further storage is possible; in these cases, the users\u2019 IP addresses are deleted or pseudonymised to prevent any association with the accessing client.<\/span><\/span><\/span><\/p>

    e) Right to objection and removal<\/span><\/span><\/span><\/p>

    The collection of data for the provision of our website and the storage of data in log files is crucial to operation of the website. Hence, users are not granted a right to object.<\/span><\/span><\/span><\/p>

    Web analysis tool etracker<\/b><\/span><\/span><\/span><\/p>

    a) Scope of processing of personal data<\/span><\/span><\/span><\/p>

    The controller has integrated components supplied by the company etracker on this website. Etracker is a web analytics service. Web analytics describes the collection and evaluation of data concerning the Internet usage of website visitors. Among others, a web analytics service collects data on the website from which a data subject accessed another website (the referrer), which sub-pages of the website were accessed, how long the data subject remained on a sub-page, and how frequently the sub-pages were visited.<\/span><\/span><\/span><\/p>

    b) Legal basis for the processing of personal data<\/span><\/span><\/span><\/p>

    Data processing takes place based on the legal grounds set out in Art. 6, paragraph 1, part (f) (legitimate interest) of the EU General Data Protection Regulation (GDPR). Our legitimate interest is to optimise our online presence and website.<\/span><\/span><\/span><\/p>

    c) Purpose of data processing<\/span><\/span><\/span><\/p>

    Web analysis is primarily used to optimise a website.<\/span><\/span><\/span><\/p>

    The privacy of our visitors is particularly important to us, which is why the IP address is anonymised in etracker as early as possible and login or device codes are converted into a unique key that cannot be associated with a particular person. Any other uses, association with other data or transfer to third parties do not take place with etracker.<\/span><\/span><\/span><\/p>

    Etracker places a cookie on the information technology system of the data subject. Cookies have already been explained under Section VI. With each visit to one of the individual pages on this website that are operated by the controller and on which an etracker component has been installed, the Internet browser on the Information Technology system of the data subject will be automatically prompted by the respective etracker component to transfer data for the purposes of promotion or optimisation. Within the framework of this technical procedure, etracker obtains knowledge of data that is then used to produce pseudonymised usage profiles. The usage profiles acquired in this way are used to analyse the Internet usage of the data subject that accessed the controller\u2019s website. This information is analysed to improve and optimise the website. The data collected by the etracker component is not used to identify the data subject without their separate and explicit consent. This data is not associated with personal data or other data containing the same pseudonym.<\/span><\/span><\/span><\/p>

    d) Duration of storage<\/span><\/span><\/span><\/p>

    The data is deleted as soon as it is no longer needed for our recording purposes.<\/span><\/span><\/span><\/p>

    e)\u00a0Right to objection and removal<\/span><\/span><\/span><\/p>

    The data subject can adjust the settings of the Internet browser at any time to prevent the DLR website from placing cookies as described under Section V and therefore to block cookies on a permanent basis. Adjusting the Internet browser in this way would also prevent etracker from placing a cookie on the Information Technology system of the data subject. Moreover, the browser or other software programs can be used to delete cookies that have already been placed by etracker at any time.<\/span><\/span><\/span><\/p>

    The data subject also has the option to object to, and therefore prevent, logging of the data relating to use of the website that is generated by the etracker cookie. The data subject agrees to or refuses the use of etracker cookies when visiting the website for the first time (opt-in solution).<\/span><\/span><\/span><\/p>

    For more information about the etracker privacy policy, visit <\/span><\/span><\/span>https:\/\/www.etracker.com\/en\/data-privacy\/<\/u><\/span><\/span><\/span><\/a>.<\/span><\/span><\/span><\/p>

    Rights of the data subject<\/b><\/span><\/span><\/span><\/p>

    Where personal data concerning you is processed, you are the data subject as defined in the EU General Data Protection Regulation (GDPR) and you have the following rights with respect to the controller:<\/span><\/span><\/span><\/p>

    a) Right to information<\/span><\/span><\/span><\/p>

    You have the right to obtain from the controller confirmation of whether personal data concerning you is processed by us.<\/span><\/span><\/span><\/p>

    Where such processing takes place, you have the right to obtain the following information from the controller:<\/span><\/span><\/span><\/p>

    The operating company of etracker is etracker GmbH, Erste Brunnenstra\u00dfe 1, 20459 Hamburg, Germany. The data generated with etracker is exclusively processed and stored in Germany on behalf of the provider of this website and is therefore subject to the strict data protection laws and standards applicable in Germany and Europe. In this regard, etracker has been independently audited, certified and awarded the ePrivacyseal data protection mark of quality. See: <\/span><\/span><\/span>https:\/\/www.eprivacy.eu\/en\/customers\/awarded-seals\/company\/etracker-gmbh\/<\/u><\/span><\/span><\/span><\/a>.<\/span><\/span><\/span><\/p>