Privacy Policy

For the automated processing and storage of personal data in the context of the use of the website
https://tandemx-science.dlr.de



DLR takes the protection of personal data very seriously. We want you to know when we store data, which types of data are stored and how it is used. As an incorporated entity under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). We have taken technical and organisational measures to ensure our compliance and the compliance of external service providers with the data protection regulation.

Your personal data will only be collected, used and passed on by us if this is legally permitted or if you agree to the data collection.


I. Name and address of the controller

The controller in the meaning of the General Data Protection Regulation, other national data protection laws in the Member States and related data protection regulations is:

German Aerospace Center e. V. (DLR)
Linder Hoehe
51147 Cologne
Germany

Telephone: +49 2203 601-0
E-Mail: datenschutz@dlr.de
WWW: http://www.dlr.de



II. Name and address of the data protection officer at DLR

Uwe Gorschuetz
German Aerospace Center e. V.
Linder Hoehe
51147 Cologne
Germany
E-Mail: datenschutz@dlr.de

1.Subject matter

The website of the TanDEM-X Science Coordination (https://tandemx-science.dlr.de) informs about the status of the German satellite mission of the German Aerospace Center (DLR) in general, about events, the available products and organises the scientific team of the mission. Furthermore, a proposal for access to the mission data for registered users can be submitted to the TanDEM-X Science Coordination via this page using online forms. There is a public area of the site accessible to everyone, where further information and documents can be viewed and downloaded; this freely accessible area provides access to the registration form and a screen for registered users to log in ('Investigator'). There is a non-public area of the site, which is only accessible after prior self-registration (=creation of a user account) and subsequent login via a login mask. This account can be used to receive news about the mission and events via email. The user account in the restricted area of the site also allows personalized access to the proposal online forms, or access to all the user's proposals submitted so far, as well as access to, input and modification of all personal data, including changing the password for the user account.

The minimum age for registering and visiting and using the non-public part of the website is 16 years.

If you do not agree to the processing of your personal data in the following form, DLR cannot provide you with the requested information or, in the case of a request for data delivery, the requested data.


1.1 User types of the web page

There are 3 user types for the web page:

For access to TanDEM-X satellite data for scientific purposes (as agreed in the TanDEM-X project), DLR stores and processes personal data. This is necessary for the administration and evaluation of the scientific applications, for the establishment of an order account, as well as for the fulfilment of the resulting license agreements for data delivery to the applicant. Furthermore, DLR has obligations to comply with the Satellite data security act (SatDSiG).

1.2 Use of cookies

Cookies are small files that are stored on your access device (PC, smartphone, etc.) when accessing a website, e.g. to enable the user to register or transfer the contents of online forms. So-called session cookies are used both for access to the freely accessible area of the site and for access to the non-public area of the site via login with user name and password. The user can disable the use of cookies or or remove them in the settings of his browser. The freely accessible area of the site can still be used. For the non-public area of the website, the enabling of session cookies is mandatory for the secure transmission of user input from the web form to the DLR server. The session cookies expire one hour after the last user input into an online form or after the active logout of the user. The session cookies are only used for the above-mentioned purpose and not, for example, to analyse user behaviour. (user tracking).

1.3 Provision of the website and generation of log files

Our system automatically collects data and information from the accessing computer system each time our website is visited.

The following data is collected in this context:

The data is also stored in log files kept on our system. This data is not stored together with other personal data concerning the user.

The legal grounds for temporary storage of the data and log files are set out in Art. 6, paragraph 1, part (f) of the EU General Data Protection Regulation (GDPR).

Temporary storage of the IP address by our system is necessary to deliver the website to the computer of the user. For this purpose, the user's IP address must be stored for the duration of the session.

Storage in log files takes place to ensure functionality of the website. In addition, the data is used to optimise the website and to ensure security of our Information Technology systems. Data analysis for marketing purposes does not take place in this context.

The DLR website collects a variety of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in server log files. The data and information collected include the (1) browser types and versions; (2) the operating system used by the accessing system; (3) the website from which the accessing system arrives on our website (the referrer); (4) the sub-pages visited by the accessing system; (5) the date and time of accessing our website; (6) an Internet Protocol address (IP address); (7) the Internet service provider of the accessing system and (8) other similar data and information that is used to protect against risks in the case of attacks on our Information Technology systems.

DLR does not draw any conclusions about the identity of the data subject during use of this general data and information. Instead, this information is necessary to (1) deliver the contents of our website in their correct form; to (2) optimise the contents of our website and promote it; to (3) guarantee the permanent functionality of our information technology systems and equipment used for our website; and to (4) provide the information necessary for law enforcement organisations to investigate cyber-attacks. This anonymous data and information is analysed by DLR, firstly for statistical purposes, and secondly with the objective of increasing data protection and data security at our research centre, and hence to achieve an optimum level of protection for the personal data processed by us. The anonymous data contained in the server log files is stored separately from all other personal data concerning the data subject

These purposes justify our legitimate interests in data processing according to Art. 6, paragraph 1, part (f) of the GDPR.

The data is deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of data collection for the provision of this website, this applies at the end of each session.

In the case of data stored in log files, this occurs after no longer than seven days. Further storage is possible; in these cases, the users IP addresses are deleted or pseudonymised to prevent any association with the accessing client.

The collection of data for the provision of our website and the storage of data in log files is crucial to operation of the website. Hence, users are not granted a right to object.



2. The type and extent of personal data collected, temporarily stored and processed by DLR for the purposes stated below

Depending on the type of user, personal data is recorded in varying degrees of detail. There are 3 different user types for the website.



3. Purpose of the collection, processing and storage of personal data

Users with a simple user account will be informed of mission news and events. The e-mail address will only be stored and used for this purpose and will not be passed on to third parties.

When registering and subsequently submitting a proposal, DLR requires additional personal data for the administration and evaluation of the research application you have submitted and - if the proposal is approved - for the fulfilment of the resulting licence agreement (pursuant to Art. 6 (1) b GDPR) at the latest when the final proposal is submitted.

If the application is approved, DLR still needs the personal data stated in the application to fulfil its legal obligations (pursuant to Art. 6 (1) GDPR) resulting from the Satellite Data Security Act (SatDSiG).

Furthermore, your personal data is required to answer your inquiries and to inform you about important information in connection with the mission and events.

For ongoing mission planning and statistics as well as for planning future missions, DLR carries out statistical evaluations of the data; statistical results obtained for this purpose no longer contain any reference to personal data.



4. Modification of personal data

Questions regarding information about, and modification of personal data can be sent to the TanDEM-X Science Coordination in writing or by e-mail at any time:

Microwaves and Radar Institute
TanDEM-X Science Coordination
Muenchner Strasse 20
82330 Wessling
Germany
E-Mail: tandemx-science@dlr.de

Personal data of the user can be viewed and modified at any time in the non-public area of the website, which is only accessible to the registered user. If this is technically not possible, a change can also be arranged in writing or via e-mail to the Science Coordination.

The change of personal data of the other data recipients named by him is only possible for the user in the non-public area of the website as long as the application has not yet been finally submitted. After submission of the application, changes or deletions can be requested via e-mail to the Science Coordination. Processing time for changes of personal data on request is 1 month.



5. Duration of storage and deletion of personal data

Simple user accounts for which no contractual relationship exists through a licence agreement with DLR remain in existence for as long as the user wishes to maintain the account, but can be terminated at any time upon request by e-mail and deletion can be requested. The deletion takes place within one month. Furthermore, every user account holder will be asked once a year by e-mail whether she/he wishes to maintain her/his account. If an application is submitted, the above-mentioned mandatory personal data will be stored on DLR's servers from the date of online registration or the submission of a research proposal. DLR requires the mandatory data for the administration of the proposal/account and the resulting licensing agreement. The evaluation period of the proposal ends with the user sending the signed license agreement. If individual users violate the licence agreement, DLR needs the obligatory user data for the duration of the contract in order to be able to prosecute its rights against the infringers.

The licence is granted for the duration of the research purpose described in the application. The license agreement begins with the provision of the order account and is considered terminated when:

In the event of termination by one of the contracting parties or after expiry of the contract period, the personal data will be deleted in compliance with all storage periods resulting from German commercial law, tax law and the provisions of the Satellite Data Security Act (SatDSiG).

For proposal not finally submitted, the personal data will be deleted one year after the last access by the user.

In the event of rejection of the application, the personal data will be deleted after a period of 1 year after receipt of the rejection notice. During this period, the applicant has the opportunity to object to the rejection.



6. Disclosure of personal data to third parties

DLR engages external IT service providers to maintain the IT systems and the server, who are granted access to the users' personal data stored in the system as part of their work for DLR, in particular as part of system administration.

The IT service provider is:
Computacenter AG & Co. oHG
Europaring 34-40
50170 Kerpen
Germany

DLR has concluded a data processing agreement with this company, which obliges this company to comply with the requirements of data protection law and ensures DLR's right to monitor compliance with these requirements.

As part of the fulfilment of its legal obligations (pursuant to Art. 6 (1) c GDPR) arising from the Satellite Data Security Act (SatDSiG), DLR is obliged to grant the supervisory authority, which monitors compliance with the provisions of the Satellite Data Security Act, access to the applicant's and inquirer's personal data as part of its examination powers. The responsible German authority is currently (SatDSiG § 24 (1)) the Federal Office for Economic Affairs and Export Control (BAFA):

Federal Office for Economic Affairs and Export Control (BAFA) Referat 423
Frankfurter Strasse 29-35
65760 Eschborn
Germany

According to the provisions of § 27 SatDSiG, the competent authority may transmit personal data which have become known to it during the performance of its duties under this Act to other authorities to the extent that knowledge of the personal data is necessary in its view.



7. Your rights under the Basic the EU General Data Protection Regulation (GDPR)

In accordance with Art. 15 of the General Data Protection Ordinance of the EU, you have the right at any time and free of charge to obtain information from DLR about the data stored about your person, the purposes for which the data is stored, the recipients of the data, the duration of data storage and the existence of the rights listed below. DLR is then obliged to provide you with a free copy of your personal data, in the case of electronic queries in a common electronic format. Link to the basic data protection regulation (hereinafter also GDPR) of the EU:

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=ENRtuztrz