37th ICTCT Conference 2025

Privacy notice on the processing of personal data in the context of

37th ICTCT Conference 2025

Information according to Art. 13 General Data Protection Regulation (GDPR)

The German Aerospace Center (DLR) takes the protection of your personal data very seriously.

In accordance with the EU General Data Protection Regulation (GDPR) applicable from 25 May 2018, this privacy notice informs you about the processing activities of your personal data by DLR and about your data subject rights. These notices may be updated as necessary and will be made available to you.

1. Controller and Data Protection Officer

The Controller within the meaning of the GDPR is the
German Aerospace Center (DLR)
Linder Höhe, 51147 Cologne
Phone: +49 2203 601-0, web: https://www.dlr.de

You can contact the DLR Data Protection Officer at:
DLR Data Protection Officer, Linder Höhe, 51147 Cologne,

Email: datenschutz@dlr.de

2. Purpose of the processing activities

Processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing result in particular from Art. 6 GDPR.

We will use your email address to inform you about similar future events and research progress organized by the German Aerospace Center (DLR e.V.) only if you have expressly consented to this use of your email address or if we have informed you thereof separately when collecting your email address and have pointed out your right to object to this use at any time.
If you have given your consent to the processing of personal data, the data will only be processed for the purpose stated in the consent

3. Data categories

The following personal data are processed within the scope of the processing activity:

Participation in the event
The legal basis for the processing is Art. 6 para. 1 letter b) GDPR. In this context, the following data are collected: Last name, first name, title, gender (m/f/d), company name, company address (street, postcode, town, country), telephone number, e-mail address,
date of birth, 1st citizenship and 2^nd citizenship (if existing),

Participation fees and payment transactions.
The legal basis for the processing is Art. 6 para. 1 letter a) and b) GDPR. Last name, first name, title, gender (m/f/d), company name, company address (street, postcode, town), telephone number, e-mail address, if applicable also date of birth, 1st citizenship and 2nd citizenship (if existing) of the invoice recipient, method of payment, IBAN, BIC, amount in euros.

Export Control
The legal basis for the processing is Art. 6 para. 1 letter c) GDPR.
For all DLR events where DLR acts as organiser or event supporter, the list of participants of non-EU citizens with the personal data: e.g. Last name, first name and 1st citizenship and 2nd citizenship (if existing), (if applicable, further data date/place) is transmitted to the internal DLR export officer/legal department for further processing and stored for a period of stored for a period of 5 years after the event date.

Consent
Using your Email Address
We will use your email address to inform you about similar future events and research progress organized by the German Aerospace Center (DLR e.V.) only if you have expressly consented to this use of your email address or if we have informed you thereof separately when collecting your email address and have pointed out your right to object to this use at any time.

If you have given your consent to the processing of personal data, the data will only be processed for the purpose stated in the consent

If personal data is processed on the basis of your consent, you have the right to revoke your consent vis-à-vis our company at any time with permanent effect. If we process data on the basis of a balance of interests, as the data subject you have the right to object to the processing of your personal data, considering the requirements of Art. 21 GDPR.

In case of onsite visit and onsite event at a DLR side
The legal basis for the processing is Art. 6 (1) (c) and (d) GDPR.
For all visits or onsite events that take place at a DLR site, the personal data:
Last name, first name, company name, company address (street, postcode, town), telephone number, e-mail address, if applicable also date of birth, 1st citizenship and 2nd citizenship (if existing) will be transmitted to the responsible DLR site security for further processing on the legal basis of Art. 6 para. 1. letter c) and d) GDPR (Export Control and Major Accidents Ordinance) and stored for a period of 5 years after the event date.

4. Legal basis of the processing activities

If the processing is based on a declaration of consent, the legal basis for the processing is Art. 6 (1) (a) GDPR

5. Categories of recipients

Personal data is regularly disclosed internally only to the departments that have been entrusted with the processing. In this connection, it shall always be assessed whether the transfer is necessary to that effect. Your data will only be passed on if confidentiality is maintained and only to the extent permitted by a legal basis.

We transfer data based on the procedures listed in point 5 below to the following external subcontractors/service providers:

For the purpose of managing the DLR event participant management including a registration website, participant registration, invoicing and the collection of participation fees:
BESL Eventagentur GmbH & Co KG, represented by the CEO, Mr. Christian Pellenz, Köthener Str. 38, 10963 Berlin.
Certain employees of our IT service provider also have access to the data as part of the administration of our IT systems.
The company ComputaCenter as DLR's central IT service provider. If the data is deleted from DLR's systems, our IT service provider also no longer has access.
Computacenter AG & Co. oHG
Computacenter Park 1
50170 Kerpen
In the case of DLR on-site appointments and events that take place at a DLR site in Germany, we transmit the personal data: Last name, first name and nationality to the external DLR site protection.
DLR has signed contracts for commissioned data processing in accordance with the statutory provisions with the service providers specified in No. 5 a) to c) above to ensure that they also comply with the requirements of data protection law and data security. As prescribed, DLR monitors compliance with these requirements.

We ensure that only those departments and individuals receive your data that need it to fulfill our contractual and legal obligations.

For additional purposes
Beyond the above, we disclose your personal data to third parties only if:

you have given consent pursuant to Art. 6 (1) lit. a GDPR, or in the event that there is a legal requirement for disclosure pursuant to Art. 6 (1) lit. c GDPR.

Data is not transferred to third countries (outside the European Union or the European Economic Area).

Further information on data processing and your rights can be found at Data Protection of 37th ICTCT Conference 2025

6. Data retention period

The personal data will only be processed as long as necessary. The personal data of the person concerned will be deleted or blocked as soon as the purpose of the processing no longer applies.

The personal data is stored on an DLR internal secure project drive of the which is maintained by ComputaCenter as the central certified IT service provider of the DLR and the IT managers of the DLR/institute.

Storage takes here place only if you have consented to storage beyond that pursuant to Art. 6 (1). a) GDPR.

7. Data subjects’ rights

You have the following rights against DLR with regard to the personal data concerning you. In order to exercise these rights, please contact the office indicated in section 1.

If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the person responsible in accordance with the regulations mentioned below

Right of access - Art. 15 GDPR
The right of access grants the data subject comprehensive insight into the data concerning him or her and into other important criteria, such as the purposes of the processing or the period for which the data shall be stored. The derogations of this right laid down in Sect. 34 BDSG are applicable.
Right of rectification - Art. 16 GDPR
The right to rectification implies the possibility for the data subject to have inaccurate personal data concerning him or her rectified.

Right to erasure - Art. 17 GDPR
The right to erasure entails the possibility for the data subjects to have data erased at the controller. This is, however, only possible if the data concerning him or her are no longer necessary, if they have been unlawfully processed, or a corresponding consent has been withdrawn. The derogations laid down in Sect. 35 BDSG are applicable.

Right to restriction of processing - Art. 18 GDPR
The right to restriction of processing includes the possibility for the data subject to prevent for the time being any further processing of personal data concerning him or her. A restriction mainly occurs at the stage of examining other exercises of rights by the data subject.

Right to data portability - Art. 20 GDPR
The right to data portability implies the right for the data subject to receive from the controller the personal data concerning him or her in a commonly used, machine-readable format in order to have them, if necessary, transferred to another controller. In accordance with Art. 20 para. 3 sentence 2 of the GDPR, that right is not available if the data processing serves the purpose of performing public tasks.

Right to object - Art. 21 GDPR
The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data as far as this processing is justified by the performance of public tasks or of public and private interests. The derogations laid down in Sect. 36 BDSG are applicable.

If personal data are processed on the basis of legitimate interests in accordance with Article 6 paragraph 1 letter f) of the GDPA, you have the right to object, in accordance with Article 21 of the GDPA, to the processing of your personal data for reasons arising from your particular situation or if the objection is directed against direct marketing. In the latter case you have a general right of objection, which we will implement without specifying a specific situation, unless the processing is necessary for the performance of a task carried out in the public interest, Art. 21, paragraph 6 of the GDPR.
In order to exercise these rights, please contact the office indicated in section 1 or 2

Withdrawal of consent
Data subjects have the option to withdrawal their data protection consent at any time with effect for the future.
Complaint to a supervisory authority - Art. 77 GDPR
Every data subject has the right to lodge a complaint with a supervisory authority. As a rule, the supervisory authority of your usual place of residence or workplace or the registered office of the person responsible is available for this purpose.

8. Provision of personal data

There is no obligation to provide personal data. Where these data are not provided either completely or in part, the processing is not possible or is only possible to a limited extent. This shall not apply to such data that we process within the scope of consent.

9. Automated decision making

Automated decision-making does not take place.