Information on data protection
The German Aerospace Center ( e.V. – DLR) takes the protection of your personal data very seriously. In accordance with the EU General Data Protection Regulation (GDPR), which came into force on 25 May 2018, this data protection notice informs you about the processing of your personal data by DLR and the rights to which you are entitled. This information will be updated as necessary and made available to you. We have taken technical and organisational measures to ensure that the data protection regulations are observed both by us and by external service providers.
SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the character string “https://” and the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
I. Name and address of the controller
II. Name and address of the data protection officer
III. Definition of terms
IV. General information on data processing
V. Processing operations
VI. Cookies
VII. Use of Matomo
VIII. Rights of the data subject
I. Name and address of the controller
The controller in the meaning of the General Data Protection Regulation, other national data protection laws in the Member States and related data protection regulations is the:
German Aerospace Center (DLR)
Linder Höhe
51147 Köln
Phone: +49 2203 601-0
E-mail: datenschutz@dlr.de
Website: dlr.de
II. Name and address of the data protection officer
You can reach the data protection officer of the controller at:
German Aerospace Center, Linder Höhe, 51147 Cologne
E-mail: datenschutz@dlr.de
III. Definition of terms
In accordance with the General Data Protection Regulation and the Federal Data Protection Act, we use the following terms, among others, in this privacy policy:
1. Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller.
3. Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
5. Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
6. Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
7. Controller or controller responsible for the processing
The controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
8. Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
9. Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.
10. Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the personal data.
11. Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
IV. General information on data processing
1. Scope of processing of personal data
We only process our users’ personal data to the extent necessary to provide a functional website and our content and services. The processing of our users’ personal data only takes place regularly with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
2. Legal grounds for the processing of personal data
If you have consented to data processing, we process your personal data on the basis of Article 6 paragraph 1 sentence 1 part (a) GDPR or Article 9 paragraph 2 part (a) GDPR, insofar as special categories of data are processed in accordance with Article 9 paragraph 1 GDPR.
In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49 paragraph 1 part (a) GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g. via device fingerprinting), the data processing is carried out on the basis of Article 6 paragraph 1 part (a) GDPR and additionally on the basis of paragraph 25 part 1 TDDDG. Consent can be revoked at any time.
If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6 paragraph 1 sentence 1 part (b) GDPR. Furthermore, we process your data if it is necessary for the fulfilment of a legal obligation on the basis of Article 6 paragraph 1 sentence 1 part (c) GDPR.
Data processing may also be carried out on the basis of our legitimate interest in accordance with Article 6 paragraph 1 sentence 1 part (f) GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this privacy policy.
3. Data deletion and duration of data storage
The personal data of the data subject will be erased or blocked as soon as the purpose of the processing no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
4. Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can withdraw your consent at any time with effect for the future. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
V. Processing operations
1. Provision of the website and external hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Article 6 paragraph 1 part (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Article 6 paragraph 1 part (f) GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Article 6 paragraph 1 part (a) GDPR and Paragraph 25 part 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Our hoster will only process your data to the extent that this is necessary for the fulfilment of its performance obligations and follow our instructions with regard to this data.
We currently use the following hoster:
HostPress GmbH
Bahnhofstraße 34
66571 Eppelborn
Germany
Order processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
2. Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
The collection of this data is based on Article 6, paragraph 1, part (f) of the GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.
The collection of data for the provision of our website and the storage of data in log files is crucial to operation of the website. Hence, users are not granted a right to object.
3. Contact
Enquiry by e-mail, contact form or telephone
If you contact us by e-mail, telephone or via our contact form, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.
These data are processed on the basis of Article 6, paragraph 1, part (b) of the GDPR, if your inquiry is related to the fulfilment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us according to Article 6, paragraph 1, part (f) of the GDPR or on the basis of your consent (Article 6, paragraph 1, part (a) GDPR) if it has been obtained; the consent can be revoked at any time.
The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
VI. Cookies
Our Internet pages use so-called “cookies”. Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.
Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Article 6 paragraph 1 part (f) GDPR, unless another legal basis is specified.
The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Article 6 paragraph 1 part (a) GDPR and paragraph 25 part 1 TDDDG); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in the context of this privacy policy and, if necessary, request your consent.
VII. Use of Matomo
This website uses the open-source web analysis service Matomo.
Through Matomo, we are able to collect and analyse data on the use of our website-by-website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser, and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Article 6 paragraph 1 part (f) GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Article 6 paragraph 1 part (a) GDPR and paragraph 25 part 1 TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
IP anonymisation
For the analysis with Matomo we use IP anonymisation. Your IP address is shortened before the analysis, so that it is no longer clearly assignable to you.
Analysis without cookies
We have configured Matomo in such a way that Matomo will not store cookies in your browser.
Hosting
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
VIII. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller in accordance with the provisions set out below:
1. in accordance with Article 15 GDPR, you can request information about the personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your personal data has been or will be disclosed, the planned storage period and the existence of the rights explained in this section 4 and 6.
2. in accordance with Article 16 GDPR, you can request the immediate correction of incorrect or incomplete personal data stored by us.
3. in accordance with Article 17 GDPR, you may request the deletion of your personal data stored by us, unless the processing is necessary for reasons specified by law, in particular to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exercise or even potential defence of legal claims.
4. in accordance with Article 18 GDPR, you may request the restriction of the processing of your personal data if you dispute its accuracy, if the processing is unlawful but you refuse to delete it and we no longer need the personal data, but you need it for the assertion, exercise or defence of legal claims or if you have lodged an objection to the processing in accordance with Article 21 GDPR.
5. in accordance with Article 20 GDPR, you may receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller
6. in accordance with Article 7 paragraph 3 GDPR, you can revoke any consent you have given us under data protection law at any time. As a result, we may no longer continue the data processing that was based on this consent in the future.
7. Right to object pursuant to Article 21 GDPR
If personal data is processed on the basis of legitimate interests in accordance with Article 6 paragraph 1 part (f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation, unless the processing is necessary for the performance of a task carried out in the public interest, Article 21 paragraph 6 of the GDPR.
8. In accordance with Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, the supervisory authority of your usual place of residence or workplace or the registered office of the controller is available for this purpose.
To exercise these rights, please contact the office specified in Section I. or II.
Last update: 11 August 2025