A) General Information
DLR-GfR mbH takes the protection of personal data very seriously.
We want you to know when we store data, which types of data are stored and how it is used.
With this data protection declaration we would like to inform you about the processing of your personal data within the framework of the use of the website which can be called up dlr-gfr.com and
jobs.dlr-gfr.com in accordance with the specifications of the EU Data Protection Basic Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – hereinafter referred to as “GDPR”).
This website uses SSL – that is, TLS encryption – in order to protect the transfer of personal data and other confidential information (for example, orders or enquiries sent to the controller).
B) Mandatory information
- Name and address of controller
The controller in the meaning of the General Data Protection Regulation, other national data protection laws in the Member States and related data protection regulations is:
DLR Gesellschaft für Raumfahrtanwendungen (GfR) mbH
Münchener Straße. 20
- Address of the data protection officer
The controller’s appointed data protection officer can be contacted with following address:
DLR Gesellschaft für Raumfahrtanwendungen (GfR) mbH
Münchener Straße. 20
C) Definition of terms
- Personal data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter: ‘data subject’). An identifiable natural person is one who can be identified – directly or indirectly – in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any operation or set of operations performed on personal data or on sets of personal data – whether or not by automated means – such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
- Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- Controller or data processing controller
Controller or data processing controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
- Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
D) Information on data processing
- Scope of processing
We process personal data concerning our users exclusively to the extent required to provide a functioning website, as well as our content and services. Ordinarily, we will only process the personal data of our users after obtaining their consent. An exception to this rule is where obtaining prior consent is factually impossible and the processing of the data is permitted by law.
- Legal basis
Where we obtain consent from the data subject for the processing of personal data, the legal grounds are set out in Art. 6, paragraph 1, part (a) of the EU General Data Protection Regulation (GDPR).
Where personal data is processed for the performance of a contract in which the data subject is a contractual partner, the legal grounds are set out in Art. 6, paragraph 1, part (b) of the GDPR. This also applies to processing that is necessary for pre-contractual measures.
Where processing of personal data is necessary for the protection of vital interests of the data subject or another natural person, the legal grounds are set out in Art. 6, paragraph 1, part (d) of the GDPR.
- Information, rectification, duration, blocking, erasure
Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if necessary, a right to correction,
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject.
Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
- Data portability
You have the right to have data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible
- Revocation of consent
Only with your express consent are some data processing operations possible. A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing carried out up to the revocation remains unaffected by the revocation.
- Rights to complain
As a data subject, you have the right to complain to the competent supervisory authority in the event of a breach of data protection law.
The competent supervisory authority with regard to data protection issues is the State Data Protection Commissioner of the federal state in which our company is located. The following link provides a list of the data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .
E) Provision of the Website
Whenever our website is called up, our system automatically records data and information from the computer system of the calling computer.
- Legal basis
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 letter f GDPR.
- Purpose of the processing
Die The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
The DLR-GfR website collects a range of general data and information every time a person or automated system accesses the website. This general data and information is stored in the server log files.
The following data is collected in this context:
- Information about the browser type and version
- The user’s operating system
- The user’s Internet Service Provider
- The user’s IP address
- The date and time of access
- Referrer website(s)
- Websites accessed by the user from our website
When using this general data and information, DLR-GfR does not draw conclusions about the person concerned. Rather, this information is needed to
(1) to deliver the contents of our website correctly
(2) the contents of our website (3) the permanent operability of our information technology systems and the technology of our website and
(4) to provide law enforcement authorities with information necessary for law enforcement purposes in the event of a cyber attack.
This anonymously collected data and information is therefore evaluated statistically by DLR-GfR and also with the aim of increasing data protection and data security at DLR-GfR, ultimately to ensure an optimum level of protection for the personal data we process. The anonymous data in the server log files are stored separately from all personal data provided by a person concerned.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR
- Duration of storage
The data is deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of data collection for the provision of this website, this applies at the end of each session.
In the case of data stored in log files, this occurs after no longer than fourteen days. Further storage is possible; in these cases, the users’ IP addresses are deleted or pseudonymised to prevent any association with the accessing client.
- Server technical resources
SSL / TLS-Encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the https:// address line of your browser and the lock symbol in the browser line.
In server log files, the provider of the website automatically collects and stores information that your browser automatically sends to us. These are:
– Visited page on our domain
– Date and time of the server request
– Browser type and version
– Operating system in use
– Referrer URL
– Host name of the accessing computer
– IP address
This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 letter b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Some cookies are “session cookies.” Such cookies are deleted automatically after the end of your browser session. On the other hand, other cookies remain on your terminal device until you delete them yourself. Such cookies help us to recognize you when you return to our website.
With a modern web browser you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured so that cookies are deleted automatically when you close the program. Disabling cookies may result in limited functionality of our website.
The setting of cookies, which are necessary for electronic communication processes or the provision of certain functions desired by you (e.g. shopping basket), is based on Art. 6 Para. 1 letter f GDPR. As operators of this website, we have a legitimate interest in the storage of cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these will be treated separately in this data protection declaration.
- WebTools and SocialMedia Plugins
For integration and display of video content our website uses plugins from YouTube. The video portal is provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When a page with integrated YouTube plugin is called up, a connection to the YouTube servers is established. This tells YouTube which of our pages you have called up.
YouTube can directly assign your surfing behavior to your personal profile, if you are logged in to your YouTube account. By logging out you have the possibility to prevent this.
YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.
Our website uses functions of the web analysis service Google Analytics. The provider of the web analysis service is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses “cookies.” These are small text files that your web browser stores on your end device and enable an analysis of website use. Information generated by cookies about your use of our website is transmitted to a Google server and stored there. Server location is usually the USA.
The setting of Google Analytics cookies is based on Art. 6 Para. 1 lit. f GDPR.
As the operator of this website, we have a legitimate interest in analyzing user behavior in order to optimize our website and, where applicable, advertising.
We use Google Analytics in conjunction with the IP anonymization function. It ensures that Google truncates your IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area before sending it to the USA. There may be exceptional cases in which Google transfers the full IP address to a server in the USA and shortens it there. On our behalf, Google will use this information to evaluate your use of the website, to create reports on website activities and to provide us with further services associated with the use of the website and the Internet. The IP address transmitted by Google Analytics is not merged with other Google data.
The setting of cookies by your web browser can be prevented. However, some functions of our website could be restricted as a result. You can also prevent the collection of data regarding your website usage, including your IP address and subsequent processing by Google. This is possible by downloading and installing the browser plugin accessible via the following link: https://tools.google.com/dlpage/gaoptout?hl=de .
In order to fully comply with the legal data protection requirements, we have concluded a contract with Google for order processing.
Demographic characteristics at Google Analytics
Our website uses the “demographic features” function of Google Analytics. It can be used to generate reports that contain information about the age, gender and interests of visitors to the site. This data is derived from interest-based advertising by Google and from visitor data from third parties. It is not possible to assign the data to a specific person. You can disable this feature at any time. You can do this through the ad settings in your Google Account or by generally prohibiting the collection of your data by Google Analytics, as explained in the “Opting out of data collection” section.
Our website uses features of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
When a page with integrated Xing functions is called up, a connection to the Xing servers is established. To the best of our knowledge, no personal data is stored. IP addresses are not stored, nor is there any evaluation of user behaviour.
Our website uses features of the Twitter service. The provider is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
You can change your privacy settings on Twitter: https://twitter.com/account/settings
Our site uses features of the social network Pinterest. The provider is Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103-490, USA.
When you access a page with Pinterest functions, your browser establishes a direct connection to the Pinterest servers. Protocol data is transmitted to the Pinterest servers. The servers are located in the USA. The log data may allow conclusions to be drawn about your IP address, websites visited, browser type and settings, date and time of the request, your use of Pinterest and cookies.
F) Application to DLR-GfR
Information on the processing of applicant data on our recruiting page can be found under the following link: https://jobs.dlr-gfr.com/privacy.html
Web analysis by Matomo
We use the open source software tool Matomo on our website to analyse the browsing behaviour of our users. The software places a cookie on the user’s computer (see above for more details of cookies). The following data will be saved if individual pages are visited on our website:
- Two bytes of the IP address of the user’s accessing system
- The accessed website
- The website from which the user reached the accessed website (referrer)
- The sub-pages accessed from the website
- How long the user remained on the website
- How often the website was accessed
- The software hereby runs exclusively on the servers for our website. The user’s personal data is only stored there. This data will not be forwarded to third parties.
- Legal basis for the processing of personal data
The legal basis for processing the user’s personal data is point (f) of Art. 6 (1) of the GDPR.
- Purpose of data processing
Processing the user’s personal data allows us to analyse the browsing behaviour of our users. By analysing the collected data we are able to compile information about how individual components of our website are being used. This helps us to constantly improve our website and its usability. Profiling does not take place. These purposes justify our legitimate interests in processing data pursuant to point (f) Art. 6 (1) of the GDPR. The anonymisation of the IP address takes due account of the user’s interest in the protection of their personal data.
- Duration of storage
The software has been configured so that the IP addresses are not stored completely. Two bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, the shortened IP address can no longer be assigned to the accessing computer.
- Right to objection and removal (opt-out option)
We offer users of our website an opt-out option for the analysis procedure. To opt out, follow the link and deactivate the web analysis. As a result, a further cookie will be placed on your system that tells our system not to save the user’s data. If the user temporarily deletes the corresponding cookie from their own system, they have to reset the opt-out cookie.
Click the following link for more information about the privacy settings for the Matomo software: https://matomo.org/docs/privacy/.
G) Status and adjustments of this data protection declaration
This data protection declaration corresponds to the status stated at the beginning.
We reserve the right to amend this data protection declaration.
We would therefore like to ask you to consult the data protection information on an ongoing basis so that you can inform yourself of any changes.