TanDEM-X Science Service System DLR e.V.

Privacy Policy

For the automated processing and storage of personal data in the context of the use of the website

DLR takes the protection of personal data very seriously. We want you to know when we store data, which types of data are stored and how it is used. As an incorporated entity under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). We have taken technical and organisational measures to ensure our compliance and the compliance of external service providers with the data protection regulation.

Your personal data will only be collected, used and passed on by us if this is legally permitted or if you agree to the data collection.

I. Name and address of the controller

The controller in the meaning of the General Data Protection Regulation, other national data protection laws in the Member States and related data protection regulations is:

German Aerospace Center e. V. (DLR)
Linder Hoehe
51147 Cologne

Telephone: +49 2203 601-0
E-Mail: datenschutz@dlr.de
WWW: http://www.dlr.de

II. Name and address of the data protection officer at DLR

Uwe Gorschuetz
German Aerospace Center e. V.
Linder Hoehe
51147 Cologne
E-Mail: datenschutz@dlr.de

1. Subject matter

The website of the TanDEM-X Science Coordination (https://tandemx-science.dlr.de) informs about the status of the German satellite mission of the German Aerospace Center (DLR) in general, about events, the available products and organises the scientific team of the mission. Furthermore, a proposal for access to the mission data for registered users can be submitted to the TanDEM-X Science Coordination via this page using online forms. There is a public area of the site accessible to everyone, where further information and documents can be viewed and downloaded; this freely accessible area provides access to the registration form and a screen for registered users to log in ('Investigator'). There is a non-public area of the site, which is only accessible after prior self-registration (=creation of a user account) and subsequent login via a login mask. This account can be used to receive news about the mission and events via email. The user account in the restricted area of the site also allows personalized access to the proposal online forms, or access to all the user's proposals submitted so far, as well as access to, input and modification of all personal data, including changing the password for the user account.

The minimum age for registering and visiting and using the non-public part of the website is 16 years.

If you do not agree to the processing of your personal data in the following form, DLR cannot provide you with the requested information or, in the case of a request for data delivery, the requested data.

1.1 User types of the web page

There are 3 user types for the web page:

  • a. Non-registered user: Without registration only the public area of the website can be used.

  • b. Registered user ('Investigator') with a simple user account: For the non-public area of the site, the user must create a user account by registering. This requires a freely chosen user name and a valid e-mail address.

  • c. Registered user ('Investigator') who wishes to submit a proposal for data access must enter further personal data in addition to the e-mail address.

For access to TanDEM-X satellite data for scientific purposes (as agreed in the TanDEM-X project), DLR stores and processes personal data. This is necessary for the administration and evaluation of the scientific applications, for the establishment of an order account, as well as for the fulfilment of the resulting license agreements for data delivery to the applicant. Furthermore, DLR has obligations to comply with the Satellite Data Security Act (SatDSiG).

1.2 Use of cookies

Cookies are small files that are stored on your access device (PC, smartphone, etc.) when accessing a website, e.g. to enable the user to register or transfer the contents of online forms. So-called session cookies are used both for access to the freely accessible area of the site and for access to the non-public area of the site via login with user name and password. The user can disable the use of cookies or remove them in the settings of his browser. The freely accessible area of the site can still be used. For the non-public area of the website, the enabling of session cookies is mandatory for the secure transmission of user input from the web form to the DLR server. The session cookies expire one hour after the last user input into an online form or after the active logout of the user. The session cookies are only used for the above-mentioned purpose and not, for example, to analyse user behaviour (user tracking).

1.3 Provision of the website and generation of log files

Our system automatically collects data and information from the accessing computer system each time our website is visited.

The following data is collected in this context:

  • Information about the browser type and version
  • The user's operating system
  • The user's Internet Service Provider
  • The user's IP address
  • The date and time of access
  • Referrer website(s)
  • Websites accessed by the user from our website

The data is also stored in log files kept on our system. This data is not stored together with other personal data concerning the user.

The legal grounds for temporary storage of the data and log files are set out in Art. 6, paragraph 1, part (f) of the EU General Data Protection Regulation (GDPR).

Temporary storage of the IP address by our system is necessary to deliver the website to the computer of the user. For this purpose, the user's IP address must be stored for the duration of the session.

Storage in log files takes place to ensure functionality of the website. In addition, the data is used to optimise the website and to ensure security of our Information Technology systems. Data analysis for marketing purposes does not take place in this context.

The DLR website collects a variety of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in server log files. The data and information collected include the (1) browser types and versions; (2) the operating system used by the accessing system; (3) the website from which the accessing system arrives on our website (the referrer); (4) the sub-pages visited by the accessing system; (5) the date and time of accessing our website; (6) an Internet Protocol address (IP address); (7) the Internet service provider of the accessing system and (8) other similar data and information that is used to protect against risks in the case of attacks on our Information Technology systems.

DLR does not draw any conclusions about the identity of the data subject during use of this general data and information. Instead, this information is necessary to (1) deliver the contents of our website in their correct form; to (2) optimise the contents of our website and promote it; to (3) guarantee the permanent functionality of our information technology systems and equipment used for our website; and to (4) provide the information necessary for law enforcement organisations to investigate cyber-attacks. This anonymous data and information is analysed by DLR, firstly for statistical purposes, and secondly with the objective of increasing data protection and data security at our research centre, and hence to achieve an optimum level of protection for the personal data processed by us. The anonymous data contained in the server log files is stored separately from all other personal data concerning the data subject.

These purposes justify our legitimate interests in data processing according to Art. 6, paragraph 1, part (f) of the GDPR.

The data is deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of data collection for the provision of this website, this applies at the end of each session.

In the case of data stored in log files, this occurs after no longer than seven days. Further storage is possible; in these cases, the users' IP addresses are deleted or pseudonymised to prevent any association with the accessing client.

The collection of data for the provision of our website and the storage of data in log files is crucial to operation of the website. Hence, users are not granted a right to object.

2. The type and extent of personal data collected, temporarily stored and processed by DLR for the purposes stated below

Depending on the type of user, personal data is recorded in varying degrees of detail. There are 3 different user types for the website.

  • a. Non-registered user: Apart from the points mentioned in 1.2 and 1.3 (cookies, log files), no personal user data is recorded or stored for the publicly accessible area of the site.

  • b. Registered user ('Investigator'), simple user account: The public area of the site contains the registration form for creating a user account. With the sending of the registration form (valid e-mail address and self-chosen password) by the user these personal data are stored. After validation of the account by the user, the user is free to visit the non-public part of the site via the login mask. Further personal data need not and should not be entered if the user does not wish to submit a proposal for data delivery. If the user wishes to be informed by the Science Coordination about news and events of the mission by e-mail, he must explicitly declare his consent in the registration form for this use. The user can revoke this consent at any time in his user account settings.

    These personal data of the user are stored during registration:

    • User name (freely selectable)
    • E-Mail address
    • Password (freely selectable)
    • Consent to the storage of personal data
    • Consent/rejection whether the user wants to be informed via email about news of the mission.

  • c. Registered user ('Investigator') who wants to submit a proposal for data delivery: If the user wishes to submit a proposal for data delivery, further personal data must be provided. The data collected by DLR includes personal data of the applicant as well as personal data of all persons named by the applicant as additional data recipients in the proposal. This requirement results from the Satellite Data Security Act (SatDSiG §§ 17 and 18). The applicant is obliged to obtain the declaration of consent for the storage of personal data from the other data recipients and to inform them of the applicable data protection regulations.

    Mandatory personal data of the proposer and all the other data recipients:

    • Organization/Company
    • Department of the organization/company
    • Title
    • First name
    • Last name
    • Address of the organization/company
      • Street and Number
      • Postcode and city
    • County
    • Citizenship
    • Telephone

    A copy of the user's official identity card is required to activate the order option for the mission's satellite data for approved proposals. To this end, DLR, as a data provider, is obliged to comply with the Satellite Data Security Act (SatDSiG).

3. Purpose of the collection, processing and storage of personal data

Users with a simple user account will be informed of mission news and events. The e-mail address will only be stored and used for this purpose and will not be passed on to third parties.

When registering and subsequently submitting a proposal, DLR requires additional personal data for the administration and evaluation of the research application you have submitted and - if the proposal is approved - for the fulfilment of the resulting licence agreement (pursuant to Art. 6 (1) b GDPR) at the latest when the final proposal is submitted.

If the application is approved, DLR still needs the personal data stated in the application to fulfil its legal obligations (pursuant to Art. 6 (1) GDPR) resulting from the Satellite Data Security Act (SatDSiG).

Furthermore, your personal data is required to answer your inquiries and to inform you about important information in connection with the mission and events.

For ongoing mission planning and statistics as well as for planning future missions, DLR carries out statistical evaluations of the data; statistical results obtained for this purpose no longer contain any reference to personal data.

4. Modification of personal data

Questions regarding information about, and modification of personal data can be sent to the TanDEM-X Science Coordination in writing or by e-mail at any time:

Microwaves and Radar Institute
TanDEM-X Science Coordination
Muenchner Strasse 20
82330 Wessling
E-Mail: tandemx-science@dlr.de

Personal data of the user can be viewed and modified at any time in the non-public area of the website, which is only accessible to the registered user. If this is technically not possible, a change can also be arranged in writing or via e-mail to the Science Coordination.

The change of personal data of the other data recipients named by him is only possible for the user in the non-public area of the website as long as the application has not yet been finally submitted. After submission of the application, changes or deletions can be requested via e-mail to the Science Coordination. Processing time for changes of personal data on request is 1 month.

5. Duration of storage and deletion of personal data

Simple user accounts for which no contractual relationship exists through a licence agreement with DLR remain in existence for as long as the user wishes to maintain the account, but can be terminated at any time upon request by e-mail and deletion can be requested. The deletion takes place within one month. Furthermore, every user account holder will be asked once a year by e-mail whether she/he wishes to maintain her/his account. If an application is submitted, the above-mentioned mandatory personal data will be stored on DLR's servers from the date of online registration or the submission of a research proposal. DLR requires the mandatory data for the administration of the proposal/account and the resulting licensing agreement. The evaluation period of the proposal ends with the user sending the signed license agreement. If individual users violate the licence agreement, DLR needs the obligatory user data for the duration of the contract in order to be able to prosecute its rights against the infringers.

The licence is granted for the duration of the research purpose described in the application. The license agreement begins with the provision of the order account and is considered terminated when:

  • The project is reported as completed by the user (e.g. by a final report)
  • The project is closed by DLR after a longer hiatus of data orders, and after the user has been consulted

In the event of termination by one of the contracting parties or after expiry of the contract period, the personal data will be deleted in compliance with all storage periods resulting from German commercial law, tax law and the provisions of the Satellite Data Security Act (SatDSiG).

For proposals not finally submitted, the personal data will be deleted one year after the last access by the user.

In the event of rejection of the application, the personal data will be deleted after a period of 1 year after receipt of the rejection notice. During this period, the applicant has the opportunity to object to the rejection.

6. Disclosure of personal data to third parties

DLR engages external IT service providers to maintain the IT systems and the server, who are granted access to the users' personal data stored in the system as part of their work for DLR, in particular as part of system administration.

The IT service provider is:
Computacenter AG & Co. oHG
Europaring 34-40
50170 Kerpen

DLR has concluded a data processing agreement with this company, which obliges this company to comply with the requirements of data protection law and ensures DLR's right to monitor compliance with these requirements.

As part of the fulfilment of its legal obligations (pursuant to Art. 6 (1) c GDPR) arising from the Satellite Data Security Act (SatDSiG), DLR is obliged to grant the supervisory authority, which monitors compliance with the provisions of the Satellite Data Security Act, access to the applicant's and inquirer's personal data as part of its examination powers. The responsible German authority is currently (SatDSiG § 24 (1)) the Federal Office for Economic Affairs and Export Control (BAFA):

Federal Office for Economic Affairs and Export Control (BAFA) Referat 423
Frankfurter Strasse 29-35
65760 Eschborn

According to the provisions of § 27 SatDSiG, the competent authority may transmit personal data which have become known to it during the performance of its duties under this Act to other authorities to the extent that knowledge of the personal data is necessary in its view.

7. Your rights under the EU General Data Protection Regulation (GDPR)

In accordance with Art. 15 of the General Data Protection Ordinance of the EU, you have the right at any time and free of charge to obtain information from DLR about the data stored about your person, the purposes for which the data is stored, the recipients of the data, the duration of data storage and the existence of the rights listed below. DLR is then obliged to provide you with a free copy of your personal data, in the case of electronic queries in a common electronic format. Link to the basic data protection regulation (hereinafter also GDPR) of the EU:


  • According to Art. 16 of the General Data Protection Ordinance, you have the right to request the correction of incorrect data stored about your person at any time. Incomplete data stored about you must be completed by DLR at your request. The fulfilment of this right is also ensured by reminder e-mails sent automatically once a year.

  • Right of deletion pursuant to Art. 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Art. 17 (1) GDPR are met. However, this right shall not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

  • Since DLR requires the personal data to be provided when you register in order to be able to legally pursue breaches of contract, it has the right under Art. 17 Para. 3 e) of the EU General Data Protection Ordinance to refuse the deletion or blocking of the personal data stored on your person during the term of the licence agreement concluded with you as a user after you have registered as a user. After the end of the contract, i.e. after termination of the contract, you have the right to have your personal data deleted.

  • In accordance with Art. 18 of the General Data Protection Ordinance, you have the right to request DLR to restrict the processing of your personal data if the data is incorrect. The accuracy of the data record stored about you is also ensured by the automated reminder e-mail sent to you once a year, among other things. The consequence of your right to request that data processing be restricted is that the data may only be processed with your consent or in order to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest.

  • Right of information pursuant to Article 19 of the General Data Protection Regulation: If you have exercised your right of rectification, cancellation or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or cancellation of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.

  • In accordance with Art. 20 General Data Protection Ordinance, you have the right to receive the data stored about your person in a structured, current and machine-readable format and you have the right to transmit this data to another data controller without hindrance by DLR. You also have the right that DLR transmits the personal data directly to another responsible body, if this is technically feasible.

  • Right to revoke consent granted pursuant to Art. 7 para. 3 GDPR: You have the right to revoke consent to the processing of data once granted at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.


  • Right of appeal under Article 77 of the GDPR: If you believe that the processing of personal data concerning you infringes the GDPR, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspected infringement, without prejudice to any other ad

DLR, 2006-2021
