Ionosphere Monitoring and Prediction Center

Privacy Notices

for the automated processing of personal data as part of the IMPC Service

The German Aerospace Center (Deutsches Zentrum für Luft- und Raumfahrt e. V., hereinafter referred to as "DLR") takes the protection of personal data very seriously. We want you to know when we store data, which types of data are stored and how it is used. As an incorporated entity under German civil law, we are subject to the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the German Act on Digital Services (DDG) and the Telecommunications Digital Services Data Protection Act (TDDDG). We have taken technical and organisational measures to ensure our compliance and the compliance of external service providers with the data protection regulation.

This website uses SSL – that is, TLS encryption – in order to protect the transfer of personal data and other confidential information (for example, orders or enquiries sent to the controller). A connection is encrypted if you see the character sequence 'https://' and the padlock icon in your browser's address bar.

DLR reserves the right to update this privacy notice, e.g. in order to adopt to legal requirements or to cover additional Download and Access Services.

1. The IMPC Service

The "Ionosphere Monitoring and Prediction Center" (IMPC) developed and operated by DLR provides a near real-time information and data service on the current state of the ionosphere, related forecasts and warnings.

Since the IMPC products and data are subject to a license agreement, personal data are needed to manage the license compliance.

The IMPC Service is generally aimed at persons aged 16 years or older.

2. Controller and Data Protection Officer

Controller within the meaning of the GDPR is the

 

Deutsches Zentrum für Luft- und Raumfahrt e. V. (DLR)
Linder Höhe, 51147 Cologne
Phone: +49 2203 601-0, web: www.dlr.de

 

You can contact the DLR Data Protection Officer at:

 

DLR Data Protection Officer, Linder Höhe, 51147 Cologne
Email: datenschutz@dlr.de.

 

3. Definition of terms

Among others, we use the following terms in this Privacy Policy, set out in the General Data Protection Regulation and the Federal Data Protection Act:

1. Personal data

Personal data refers to any information relating to an identified or identifiable natural person (hereinafter: ‘data subject’). An identifiable natural person is one who can be identified – directly or indirectly – in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

3. Processing

Processing is any operation or set of operations performed on personal data or on sets of personal data – whether or not by automated means – such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

7. Controller or data processing controller

Controller or data processing controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8. Processor

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

9. Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

10. Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

11.Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. General information on data processing

a) Description and scope of data processing

For the purposes of the license agreement we collect, store and process the following personal data from you:

Personal data to be provided during user registration (mandatory data):

  • First name
  • Last name
  • Business Category
  • Street
  • ZIP/Postal code
  • City
  • Country
  • e-mail address
  • User name
  • Password (freely selectable)

Optional data for self-registered users:

  • Title
  • Name of organization
  • State/Province

Furthermore, the following information is stored in the internal database as part of your user profile. This information cannot be changed by the user:

  • Time when the profile was created
  • Last change of user data
  • User password procedure
  • Password history
  • Last time the password was changed
  • Last login
  • Timestamp of successive authentication errors

b) Legal basis for data processing

The legal basis for the processing of your personal data, which must be entered during registration as well of the processing of the time stamp data, is Article 6 paragraph 1 lit. b of the General Data Protection Regulation (hereinafter also GDPR) of the European Union.

c) Purpose of data processing and duration of storage

DLR needs the obligatory registration data for the administration of the license agreement concluded with you, for example in order to be able to legally sanction violations of contract, such as unauthorized disclosure to third parties, or to be able to manage possible terminations.

Your above-mentioned obligatory personal data will be stored on DLR's servers from the date of your online registration as a user. DLR requires the mandatory data to be provided during registration in order to manage the license agreement. If you violate the license agreement, DLR needs the mandatory registration data for the duration of the contract in order to be able to enforce its rights against you.

The corresponding license agreements run for an unlimited period. If you or DLR terminate the contract, the corresponding data record with the obligatory personal data will be deleted.

In addition, the system automatically sends you a reminder e-mail once a year. These reminder e-mails ask you to check the data stored about you and to correct it if necessary. These reminder e-mails ensure that the data set is up to date and that the contractual relationship, rights and obligations arising from the license agreement are brought to mind.

If you no longer need the license, such an e-mail can also be a reminder of the possibility of terminating the license agreement and thus limit the system to the necessary in the interest of all parties.

DLR may also use your e-mail address to contact you in case of security or other important issues.

Please note that the purpose of storing your e-mail address is to be able to contact you by e-mail until termination of your account. Therefore, the use of one-time e-mail accounts is not allowed.

Please contact us in case of changes in your e-mail address.

DLR needs the time stamp data for purposes of technical reason of the IT system, that is to say for the steering of the workflows in the system and for purposes of IT security, e.g. enforcement of the password guide line in respect to the term for password renewal, in respect to control of usage of old passwords, blocking of the account in case of serval false registration attempts, etc.

This is also the legitimate interest for DLR in the sense of Article 6 paragraph 1 lit. f GDPR for processing of time stamp data. When the account is deleted the time stamp data will be deleted as well. This will be the case when the license agreement is terminated.

5. Provision of the website and generation of log files

a) Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

  • information about the browser type and version used
  • the computer's operating system
  • the IP address of the computer
  • date and time of access
  • referrer website(s)

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

b) Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 paragraph 1 lit. f GPDR.

c) Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The IMPC Service collects a series of general data and information each time a person or an automated system accesses the Internet pages. This general data and information is stored in the log files of the servers. We may record (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), and (7) other similar data and information which serve to avert danger in the event of attacks on our information technology systems.

When using this general data and information, DLR does not draw any conclusions about the person concerned. Rather, this information is required to (1) correctly deliver the contents of our website, (2) ensure the integrity of the contents of our website, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack. These anonymously collected data and information are therefore evaluated by DLR both statistically and with the aim of increasing data protection and data security in our research center in order ultimately to ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.

Our legitimate interest in data processing according to Article 6 paragraph 1 lit. f GPDR also lies in these purposes.

d) Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after fourteen days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or garbled, so that an assignment of the calling client is no longer possible.

e) Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

6. Storage of Information in the Users’ Terminal Equipment

a) Description and scope of data processing

Our website uses technically necessary temporary session cookies. Cookies are text files which are stored on a computer system via an Internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A particular Internet browser can be recognized and identified by its unique cookie ID.

So-called session cookies are used for the management of the user session during the visit on IMPC. The use of session cookies is required for the secure transmission of user input from the web form to the DLR server. The session cookies become invalid at the end of the user session. The technically necessary session cookies are only used for the above-mentioned purpose and not, for example, to analyze user behavior (user tracking).

A prior consent for activating cookies used on IMPC is not required as only technically necessary temporary cookies are used.

b) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6  paragraph 1 lit. f GDPR.

c) Purpose of data processing

The purpose of using technically necessary cookies is to ensure the secure transfer of user permissions from the web forms to DLR servers and databases. The user data collected by technically necessary cookies are not used to create user profiles.

e) Duration of storage, possibility of objection and elimination

The person concerned can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, not all functions of our Internet site are fully usable.

7. Registration form

a) Description and scope of data processing

During the user account self-registration process the personal information described in section “Personal data to be provided during user registration” above is collected in an account registration web form.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

b) Legal basis for data processing

The legal basis for the temporary storage of the registration data is Art. 6 para. 1 lit. b GPDR.

c) Purpose of data processing

The temporary storage of the registration data by the system is necessary to create the user account. We can use this data for helpdesk purposes, e.g. in case of user requests due to self-registration problems.

d) Duration of storage

All statements of the section “Provision of the website and creation of log files” above apply. Data stored in log files are deleted after fourteen days at the latest.

8. Contact form and email contact

a) Description and scope of data processing

Our website includes a contact form that can be used to contact us by electronic means. Where a data subject uses this option, the data entered in the input screen will be transferred to us and stored. This applies to the following data:

  • Email address
  • Category of request
  • Message content

The following data is stored additionally when sending a message:

  • IP address of the user
  • Date and time of contact request sent

Your consent for data processing will be obtained and you will be referred to this Privacy Notice during the sending process.

Alternatively, it is possible to contact us using the email address provided. The personal data of the user transferred with the email will be stored in this case.

The data is not transferred to third parties in this context. The data is used exclusively for processing the correspondence.

b) Legal basis for data processing

The legal basis for processing of the data in the event that consent has been received from the user is set out in Article 6 paragraph 1 lit. a of the EU General Data Protection Regulation (GDPR).

The legal basis for processing of the data sent to us by email is set out in Article 6, paragraph 1 lit. f of the GDPR. Where email contact is established with the intention of entering into a contract, additional legal bases for the processing are set out in Article 6, paragraph 1 lit. b of the GDPR.

c) Purpose of data processing

We use the personal data you provide in the contact form exclusively to process your enquiry. In the case of contact by email, this represents our necessary, legitimate interest in data processing.

Any other personal data that is processed when you send us the contact form is used to prevent abuse of the contact form and to protect the security of our Information Technology systems.

d) Duration of storage

The data is deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data entered in the input screen of the contact form and personal data sent to us by email, this is the case when correspondence with the user has come to an end. A conversation has come to an end when the circumstances indicate that the relevant matter has been dealt with definitively. All conversations older than 3 months are deleted once in a month.

Any additional personal data collected during the sending process will be deleted after a maximum of 14 days.

e) Right to objection and removal

The user is entitled to revoke their consent to the processing of personal data at any time. The user may object to the processing of personal data at any time by contacting datenschutz@dlr.de. Correspondence will be discontinued in these cases.

All personal data stored in connection with contacting us will be deleted in this case.

9. Newsletter

a) Description and scope of data processing

On our website you have the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask will be transmitted to us.

The main data are requested in the form:

  • E-mail address

In addition, the following data is collected during registration and stored in the database:

  • Newsletter ID
  • Newsletter format: Text
  • Subscription status (Subscribed, Activated, Unsubscribed)
  • Subscription Date, Activation Date, Unsubscribe Date

For the processing of the data, your consent will be obtained during the registration process and reference will be made to this privacy notice.

In connection with the data processing for the dispatch of newsletters, the data will not be passed on to third parties. The data will be used exclusively for sending the newsletter.

b) Legal basis for data processing

The newsletter is sent out based on the user's registration on the website: The legal basis for the processing of data after registration for the newsletter by the user is Article 6 paragraph 1 lit. a of the EU General Data Protection Regulation (GDPR), if the user has given his consent.

c) Purpose of data processing

The collection of the user's e-mail address is used to send the newsletter.

d) Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. The user's e-mail address and first and last name will therefore be stored as long as the subscription to the newsletter is active.

e) Right to objection and removal

The subscription to the newsletter can be cancelled by the user concerned at any time. Each newsletter includes a suitable link or the user sends an email to IMPC UHD (impc-uhd@dlr.de).

10. Access to the data by third parties

To create and manage the necessary IT systems and the servers, DLR contracts with two external IT service providers, who are granted access to the users' personal data stored in the system as part of their work for DLR, in particular as part of system administration.

The two IT service providers are the following:

  • Computacenter AG & Co. oHG
    Europaring 34-40
    50170 Kerpen
  • Werum Software & Systems AG
    Wulf-Werum-Straße 3
    21337 Lüneburg
  • Navum GmbH
    Am Anger 3
    82237 Wörthsee

DLR has concluded contract data processing agreements with these two companies, which oblige these companies to comply with the requirements of data protection law and ensure DLR's right to monitor compliance with these requirements. Your personal data will neither be transmitted to other third parties nor to third countries.

11. Rights of the data subject

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights against the controller in accordance with the following provisions:

(1) Pursuant to Art. 15 GDPR, you may request information about the personal data we pro-cess. In particular, you may request information about the purposes of processing, the catego-ry of personal data, the categories of recipients to whom your personal data have been or will be disclosed, the planned storage period and the existence of the rights explained in this sec-tion.

(2) Pursuant to Art. 16 of the GDPR, you may request the rectification of inaccurate or in-complete personal data held by us without undue delay.

(3) Pursuant to Art. 17 of the GDPR, you may request the erasure of your personal data stored by us, unless the processing is necessary for reasons specified by law, in particular to exercise the right to freedom of expression and information, to comply with a legal obligation, for rea-sons of public interest or to assert, exercise or even potentially defend legal claims.

(4) Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your per-sonal data insofar as their accuracy is disputed by you, the processing is unlawful, but you ob-ject to their erasure and we no longer require the personal data, but you need them for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 GDPR.

(5) Pursuant to Art. 20 GDPR, you may receive the personal data you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller.

(6) Pursuant to Art. 7 (3) GDPR, you may revoke a consent granted under data protection law at any time vis-à-vis us. This has the consequence that we may no longer continue the data processing based on this consent in the future.

(7) Right of objection pursuant to Art. 21 GDPR

If personal data is processed on the basis of legitimate interests pursuant to Art. 6(1) lit. (f) of the GDPR, you have the right to object to the processing of your personal da-ta pursuant to Art. 21 of the GDPR, provided that there are grounds for doing so which arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which is implemented by us without specifying a particular situation, unless the processing is necessary for the performance of a task carried out in the public interest, Art. 21 (6) of the GDPR.

For the purpose of exercising these rights, please contact the office indicated in section 2 above.

(8) Pursuant to Art. 77 of the GDPR, you may lodge a complaint with a supervisory authority. As a rule, the supervisory authority of your usual place of residence or workplace or the regis-tered office of the controller is available for this purpose.

Last modified: 04/02/2025