Information about Data Protection
Data Protection Consent
The German Aerospace Center (Deutsches Zentrum für Luft- und Raumfahrt e. V., hereinafter referred to as “DLR”) takes the protection of personal data very seriously. We want you to know when we store data, which types of data are stored and how it is used. As an incorporated entity under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). We have taken technical and organisational measures to ensure our compliance and the compliance of external service providers with the data protection regulation.
1 AgRAIN Website Service
AgRAIN (Agriculture Rain) is an international research project funded by the Federal Ministry of Research and Education, improving information about rainfall and rainwater usage for adapted agricultural production under high climate variability in Burkina Faso. The AgRAIN website provides you an overview of the backround, the approach and the aims of the AgRAIN project. The AgRAIN website is a static website, it might be adjusted during the project phase and will inform you about the current state of the project. A registration or interaction with the user is not intended. All images and are property of the DLR, a use without the permission of the DLR is excluded.
2 Name and address of the controller
Controller within the meaning of the GPDR is the
Deutsches Zentrum für Luft- und Raumfahrt e. V. (DLR)
3 Name and address of the data protection officer
Contact details of DLR’s Data Protection Officer:
Deutsches Zentrum für Luft- und Raumfahrt e. V.
Phone: +49 2203 601 4015
4 Definition of terms
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter: ‘data subject’). An identifiable natural person is one who can be identified – directly or indirectly – in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any operation or set of operations performed on personal data or on sets of personal data – whether or not by automated means – such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or data processing controller
Controller or data processing controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
5 General information on data processing
a) Description and scope of data processing
This service does not offer the creation of user accounts. Therefore, no personal information is stored for authentication and authorization purposes.
b) Legal basis for data processing
c) Purpose of data processing and duration of storage
6 Provision of the website and generation of log files
a) Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
- Information about the browser type and version
- The user’s operating system
- The user’s IP address
- The date and time of access
- Referer website(s)
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
b) Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6, paragraph 1, part (f) GPDR.
c) Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this the IP address of the user must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. In addition, the data serves to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
The AgRAIN website collects a variety of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in server log files. The data and information collected include the (1) browser types and versions; (2) the operating system used by the accessing system; (3) the user’s IP address; (4) the date and time of access; (5) the website(s) from which the accessing system arrives on our website (the referer).
When using this general data and information, DLR does not draw any conclusions about the person concerned. Rather, this information is required to (1) correctly deliver the contents of our website, (2) ensure the integrity of the contents of our website, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack. These anonymously collected data and information are therefore evaluated by DLR both statistically and with the aim of increasing data protection and data security in our research center in order ultimately to ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.
These purposes justify our legitimate interests in data processing according to Art. 6, paragraph 1, part (f) of the GDPR.
d) Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after 28 days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or garbled, so that an assignment of the calling client is no longer possible.
e) Possibility of objection and elimination
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
We do not use any cookies on this website.
8 Email contact
a) Description and scope of data processing
It is possible to get in contact with us using the email address provided. The personal data of the user transferred with the email will be stored in this case.
The data is not transferred to third parties in this context. The data is used exclusively for processing the correspondence.
b) Legal basis for data processing
The legal basis for processing of the data sent to us by email is set out in Art. 6, paragraph 1, part (f) of the GDPR. Where email contact is established with the intention of entering into a contract, additional legal bases for the processing are set out in Art. 6, paragraph 1, part (b) of the GDPR.
c) Purpose of data processing
We use the personal data you provide in an email exclusively to process your enquiry. This represents our necessary, legitimate interest in data processing.
d) Duration of storage
The data is deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data sent to us by email, this is the case when correspondence with the user has come to an end. A conversation has come to an end when the circumstances indicate that the relevant matter has been dealt with definitively.
e) Right to objection and removal
The user is entitled to revoke their consent to the processing of personal data at any time. The user may object to the processing of personal data at any time by contacting firstname.lastname@example.org. Correspondence will be discontinued in these cases.
All personal data stored in connection with contacting us will be deleted in this case.
9 Access to the data by third parties
To create and manage the necessary IT systems and the servers, DLR contracts with an external IT service provider, who are granted access to the AgRAIN webserver as part of their work for DLR, in particular as part of system administration.
The IT service provider is:
Am Anger 3
DLR has concluded contract data processing agreements with the company, which oblige the company to comply with the requirements of data protection law and ensure DLR’s right to monitor compliance with these requirements. Your personal data will neither be transmitted to other third parties nor to third countries.
10 Rights of the data subject
Your rights under the General Data Protection Regulation (GDPR) of the European Union:
1) In accordance with Article 15 of the GPDR, you have the right to obtain from the controller confirmation of whether personal data concerning you is processed by us.
Where such processing takes place, you have the right to obtain the following information from the controller:
- the purposes for which the personal data is processed;
- the categories of personal data that is processed;
- the recipients, or categories of recipients to whom the personal data relating to you has been or will be disclosed;
- the planned duration of storage of the personal data concerning you, or the criteria applied to defining the duration of storage if precise information in this regard is not available;
- • the existence of a right to correction or deletion of the personal data concerning you, the right to restrict processing by the controller or the right to object to this processing;
- the right to lodge a complaint with a supervisory authority;
- all information available concerning the origins of the data if the personal data was not collected from the data subject;
- the existence of an automated decision-making process, including profiling, according to Art. 22 paragraphs 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic and implications involved, as well as on the intended effects of this kind of processing on the data subject;
- You also have the right to obtain information on whether the personal data concerning you has or will be transferred to a third country or to an international organization. In this regard, you are entitled to request information on the appropriate guarantees in place with regard to this processing in accordance with Art. 46 of the GDPR.
The controller will provide a copy of the personal data that is subject to processing. Where you request additional copies, the controller is entitled to charge an appropriate fee based on administrative costs. If you place the application by electronic means, the information will be made available in a standard electronic format, except where otherwise specified by you. The right to receive a copy in accordance with paragraph 3 of this section must not adversely affect the rights and freedoms of other persons.
2) According to Art. 16 of the GPDR, you have the right to request the correction of incorrect data stored about your person at any time. Taking into account the purposes of data processing incomplete data stored about you must be completed by DLR at your request. The fulfilment of this right is also ensured by reminder e-mails sent automatically once a year.
3) Right to deletion according to Art. 17 GPDR:
Obligation to delete
You have the right to request the controller to delete personal data concerning you without undue delay, and the controller will be obliged to delete personal data immediately where one of the following grounds applies:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you withdraw consent on which the processing is based according to part (a) of Art. 6, paragraph 1, or part (a) of Art. 9, paragraph 2 of the GDPR, and there is no other legal basis for the processing;
- you object to the processing pursuant to Art. 21, paragraph 1 of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21, paragraph 2 of the GDPR;
- the personal data concerning you has been unlawfully processed;
- the personal data has to be deleted to comply with a legal obligation under a Union or Member State law to which the controller is subject;
- The personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8, paragraph 1 of the GDPR.
Information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17, paragraph 1 of the GDPR to delete the personal data, the controller, taking account of available technology and the cost of implementation, is required to take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested to be deleted by such controllers, as well as any links to, copies or replications of such personal data.
The right to deletion does not apply to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation under Union or Member State law to which the controller is subject or for the performance of tasks carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with parts (h) and (i) of Art. 9, paragraph 2 and Art. 9, paragraph 3 of the GDPR;
- • for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Art. 89, paragraph 1 of the GDPR, insofar as the rights referred to in section (a) are likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
Since DLR requires the personal data to be provided when you register in order to be able to legally pursue breaches of contract, it has the right under Art. 17 Para. 3 e) of the GPDR to refuse the deletion or blocking of the personal data stored on your person during the term of the license agreement concluded with you as a user after you have registered as a user. After the end of the contract, i.e. after termination of the contract, you have the right to have your personal data deleted. The same is also applicable to the time stamp data which DLR is processing on the legal basis of Art. 6 (1) f) GDPR for the purposes of technical reason of the IT system, that is to say for the steering of the workflows in the system and for purposes of IT security. As soon as the licence agreement is terminated the time stamp data will be deleted.
4) According to Art. 18 of the GPDR, you have the right to limit processing:
You have the right to request from the controller restriction of processing of personal data concerning you under the following conditions:
- where the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the deletion of the personal data, and instead request the restriction of its use;
- the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
- if you have objected to processing pursuant to Art. 21, paragraph 1, of the GDPR, pending the verification of whether the legitimate reasons of the controller override your reasons.
Where processing of the personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where you have obtained restriction of processing under the conditions set out above, you will be informed by the controller before the restriction of processing is lifted.
5) Right to notification under Article 19 of the GPDR: Where you have exercised the right to correction, deletion or restriction of processing with the data controller, the data controller shall be obliged to notify all recipients to whom the personal data concerning you was disclosed of this correction or deletion of data or of the restriction of processing, except where compliance proves to be impossible or is associated with a disproportionate effort.
In addition, you are entitled to require that the data controller inform you about these recipients
6) In accordance with Art. 20 of the GPDR, you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to transfer that data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent pursuant to part (a) of Article 6, paragraph 1 or part (a) of Article 9, paragraph 2 of the GDPR or in a contract pursuant to part (b) of Art. 6, paragraph 1 of the GDPR; and
- the processing is carried out by automated means.
In exercising your right to data portability, you have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of other persons.
The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7) Right to withdraw consent granted pursuant to Art. 7 para. 3 GPDR: You have the right to withdraw consent to the processing of data once granted at any time with effect for the future. In the event of withdrawal we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the legality of the processing carried out on the basis of the consent until withdrawal;
8) RIGHT OF OBJECTION FROM ART. 21 GPDR: You have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on parts (e) or (f) of Art. 6, paragraph 1 of the GDPR; this includes profiling based on those provisions.
The controller shall no longer process the personal data concerning you, unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you have the right to object, at any time, to the processing of personal data concerning you for the purpose of such marketing. This applies also to profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding directive 2002/58/EC, you may exercise your right to object by automated means that use technical specifications.
Where personal data is processed for scientific or historical research purposes or for statistical purposes pursuant to Art. 89, paragraph 1 of the GDPR, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you, except where the processing is necessary for the performance of a task carried out for reasons of public interest.
Should you wish to exercise your right to withdraw consent or to object, please send an email to email@example.com.
9) Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for you or similarly significantly affects you.
This does not apply if the decision:
- is necessary for entering into, or performance of, a contract between you and the data controller;
- is authorised by Union or Member State law to which the controller is subject and which also contains suitable measures to safeguard your rights, freedoms and legitimate interests; or
- is based on your explicit consent.
However, these decisions must not be based on special categories of personal data referred to in Art 9, paragraph 1 of the GDPR, unless parts (a) or (g) of Art. 9, paragraph 2 of the GDPR applies and suitable measures to safeguard your rights, freedoms and legitimate interests are in place.
In the cases referred to in parts (1) and (3), the data controller is required to implement suitable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.
10) Right to lodge a complaint under Art. 77 GPDR: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your normal residence, you place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
Last updated on July 20th 2020