Skip to main content
Logo

Privacy notice on the processing of personal data in the context of

37th ICTCT Conference 2025

Information according to Art. 13 General Data Protection Regulation (GDPR)

The German Aerospace Center (DLR) takes the protection of your personal data very seriously.

In accordance with the EU General Data Protection Regulation (GDPR) applicable from 25 May 2018, this privacy notice informs you about the processing activities of your personal data by DLR and about your data subject rights. These notices may be updated as necessary and will be made available to you.

1. Controller and Data Protection Officer

The Controller within the meaning of the GDPR is the

German Aerospace Center (DLR)
Linder Höhe, 51147 Cologne
Phone: +49 2203 601-0, web: https://www.dlr.de

You can contact the DLR Data Protection Officer at:
DLR Data Protection Officer, Linder Höhe, 51147 Cologne,
Email: datenschutz@dlr.de

2. Purpose of the processing activities

Processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing result in particular from Art. 6 GDPR.

Registration and Participation in the event
We use your personal data for fulfilment of contractual and legal obligations, execution of a contractual relationship.

Data processing takes place at the request of the interested participants and is necessary pursuant to the first sentence of point (b) of Article 6 (1) GDPR for the purposes mentioned for the performance of the participation contract and in order to take steps prior to entering into it.

As part of the registration for an event, some mandatory information must be provided.
In this context, the following data are collected: Last name, first name, title, gender (m/f/d), company name, company address (street, postcode, town, country), telephone number,
e-mail address, date of birth, 1st citizenship and 2nd citizenship (if existing),

The purpose of processing the mandatory data is to identify you as event participant,
to reserve your place of participation, to establish or implement the contract for participation with you, We also require your data in order to prepare name badges and a name list of participants and to supply you with necessary event information before, during, and after the event to enable optimal participation, and to enable us to plan and ensure a smooth process.

If we collect your payment data for paid events, we need this for billing the participation fee.
We need your payment information to process the participation fee. (Payment information, depending on the selected method of payment (e.g. credit cards, bank account information)

The personal data required may vary slightly depending on the type of event for which you are registering. For example, you also have the option to voluntarily provide information about any dietary requirements and food into

The data processing is carried out at your request and is necessary for the fulfillment of the participant contract and pre-contractual measures according to Art. 6(1) sentence 1 lit. b GDPR.

Export Control
We use your personal data for fulfilment of legal obligations. For the export control check, which the DLR is obliged to carry out by law (Foreign Trade Act, Foreign Trade Ordinance, EC Dual-Use Ordinance, EU and US anti-terrorism requirements from EG Regulations 2580/2001 and 881/2002, embargo regulations, etc.).
For all DLR events where DLR acts as organiser or event supporter, the list of participants of non-EU citizens with the personal data: is transmitted to the internal DLR export officer/legal department for further processing and stored for a period of 5 years after the event date
The legal basis for the processing is Art. 6 para. 1 letter c) GDPR.

Consent
If you have given your consent to the processing of personal data, the data will only be processed for the purpose stated in the consent

We will use your email address to inform you about similar events organized by us in the future only if you have expressly consented to this use of your email address or if we have informed you thereof separately when collecting your email address and have pointed out your right to object to this use at any time.
If personal data is processed on the basis of your consent, you have the right to revoke your consent vis-à-vis our company at any time with permanent effect. If we process data on the basis of a balance of interests, as the data subject you have the right to object to the processing of your personal data, considering the requirements of Art. 21 GDPR.

3. Data categories

The following personal data are processed within the scope of the processing activity:

Participation in the event
The legal basis for the processing is Art. 6 para. 1 letter b) GDPR. In this context, the following data are collected: Last name, first name, title, gender (m/f/d), company name, company address (street, postcode, town, country), telephone number, e-mail address,  date of birth, 1st citizenship and 2nd citizenship (if existing),

Participation fees and payment transactions.
The legal basis for the processing is Art. 6 para. 1 letter a) and b) GDPR. Last name, first name, title, gender (m/f/d), company name, company address (street, postcode, town), telephone number, e-mail address, if applicable also date of birth, 1st citizenship and 2nd citizenship (if existing) of the invoice recipient, method of payment, IBAN, BIC, amount in euros.

Export Control
The legal basis for the processing is Art. 6 para. 1 letter c) GDPR.
For all DLR events where DLR acts as organiser or event supporter, the list of participants of non-EU citizens with the personal data: e.g. Last name, first name and 1st citizenship and 2nd citizenship (if existing), (if applicable, further data date/place) is transmitted to the internal DLR export officer/legal department for further processing and stored for a period of stored for a period of 5 years after the event date.

In case of onsite visit and onsite event at a DLR side
The legal basis for the processing is Art. 6 (1) (c) and (d) GDPR.

For all visits or onsite events that take place at a DLR site, the personal data:
Last name, first name, company name, company address (street, postcode, town), telephone number, e-mail address, if applicable also date of birth, 1st citizenship and 2nd citizenship (if existing) will be transmitted to the responsible DLR site security for further processing on the legal basis of Art. 6 para. 1. letter c) and d) GDPR (Export Control and Major Accidents Ordinance) and stored for a period of 5 years after the event date.

Consent

The legal basis for the processing is Art. 6 (1) (a) GDPR. In this context we will use your e-mail address only if you have expressly consented to this use of your email address or if we have informed you thereof separately when collecting your email address and have pointed out your right to object to this use at

4. Legal basis of the processing activities

  • If the processing is based on a declaration of consent, the legal basis for the processing is Art. 6 (1) (a) GDPR
  • If the processing is based on a contract or a similar relationship with you, the legal basis for the processing is Art. 6 (1) (b) GDPR.
  • If the data processing is based to fulfill a legal obligation the legal basis for the processing is Art. 6 (1) (c) GDPR.
  • If the processing is based on a legitimate interest of DLR, the legal basis of the processing is Art. 6 (1) (f) GDPR.

If personal data is processed on the basis of your consent, you have the right to revoke your consent vis-à-vis our company at any time with permanent effect. If we process data on the basis of a balance of interests, as the data subject you have the right to object to the processing of your personal data, considering the requirements of Art. 21 GDPR.

5. Categories of recipients

Personal data is regularly disclosed internally only to the departments that have been entrusted with the processing. In this connection, it shall always be assessed whether the transfer is necessary to that effect. Your data will only be passed on if confidentiality is maintained and only to the extent permitted by a legal basis.

We transfer data based on the procedures listed in point 5 below to the following external subcontractors/service providers:

a. For the purpose of managing the DLR event participant management including a registration website, participant registration, invoicing and the collection of participation fees:

BESL Eventagentur GmbH & Co KG, represented by the CEO, Mr. Christian
Pellenz, Köthener Str. 38, 10963 Berlin.

b. Certain employees of our IT service provider also have access to the data as part of the administration of our IT systems.
The company ComputaCenter as DLR's central IT service provider. If the data is deleted from DLR's systems, our IT service provider also no longer has access.

Computacenter AG & Co. oHG
Computacenter Park 1
50170 Kerpen

c. In the case of DLR on-site appointments and events that take place at a DLR site in Germany, we transmit the personal data: Last name, first name and nationality to the external DLR site protection.

DLR has signed contracts for commissioned data processing in accordance with the statutory provisions with the service providers specified in No. 5 a) to c) above to ensure that they also comply with the requirements of data protection law and data security. As prescribed, DLR monitors compliance with these requirements.

We ensure that only those departments and individuals receive your data that need it to fulfill our contractual and legal obligations.
Data is not transferred to third countries (outside the European Union or the European Economic Area).

Further information on data processing and your rights can be found at Data Protection EVC

6. Data retention period

The personal data will only be processed as long as necessary. The personal data of the person concerned will be deleted or blocked as soon as the purpose of the processing no longer applies.

The personal data is stored on an DLR internal secure project drive of the which is maintained by ComputaCenter as the central certified IT service provider of the DLR and the IT managers of the DLR/institute.

In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject.

7. Data subjects’ rights

You have the following rights against DLR with regard to the personal data concerning you. In order to exercise these rights, please contact the office indicated in section 1.

If your personal data is processed, you are a data subject within the meaning of theGDPR and you are entitled to the following rights vis-à-vis the person responsible in accordance with the regulations mentioned below

  • Right of access - Art. 15 GDPR
    The right of access grants the data subject comprehensive insight into the data concerning him or her and into other important criteria, such as the purposes of the processing or the period for which the data shall be stored. The derogations of this right laid down in Sect. 34 BDSG are applicable.
  • Right of rectification - Art. 16 GDPR
    The right to rectification implies the possibility for the data subject to have inaccurate personal data concerning him or her rectified.
  • Right to erasure - Art. 17 GDPR
    The right to erasure entails the possibility for the data subjects to have data erased at the controller. This is, however, only possible if the data concerning him or her are no longer necessary, if they have been unlawfully processed, or a corresponding consent has been withdrawn. The derogations laid down in Sect. 35 BDSG are applicable.
  • Right to restriction of processing - Art. 18 GDPR
    The right to restriction of processing includes the possibility for the data subject to prevent for the time being any further processing of personal data concerning him or her. A restriction mainly occurs at the stage of examining other exercises of rights by the data subject.
  • Right to data portability - Art. 20 GDPR
    The right to data portability implies the right for the data subject to receive from the controller the personal data concerning him or her in a commonly used, machine-readable format in order to have them, if necessary, transferred to another controller. In accordance with Art. 20 para. 3 sentence 2 of the GDPR, that right is not available if the data processing serves the purpose of performing public tasks.
  • Right to object - Art. 21 GDPR
    The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data as far as this processing is justified by the performance of public tasks or of public and private interests. The derogations laid down in Sect. 36 BDSG are applicable.

    If personal data are processed on the basis of legitimate interests in accordance with Article 6 paragraph 1 letter f) of the GDPA, you have the right to object, in accordance with Article 21 of the GDPA, to the processing of your personal data for reasons arising from your particular situation or if the objection is directed against direct marketing. In the latter case you have a general right of objection, which we will implement without specifying a specific situation, unless the processing is necessary for the performance of a task carried out in the public interest, Art. 21, paragraph 6 of the GDPR.
    In order to exercise these rights, please contact the office indicated in section 1 or 2
  • Withdrawal of consent
    Data subjects have the option to withdrawal their data protection consent at any time with effect for the future.
  • Complaint to a supervisory authority - Art. 77 GDPR
    Every data subject has the right to lodge a complaint with a supervisory authority. As a rule, the supervisory authority of your usual place of residence or workplace or the registered office of the person responsible is available for this purpose.

8. Provision of personal data

There is no obligation to provide personal data. Where these data are not provided either completely or in part, the processing is not possible or is only possible to a limited extent. This shall not apply to such data that we process within the scope of consent.

9. Automated decision making

Automated decision-making does not take place.

    • Participation in the event; participation fees and payment transactions.
      The legal basis for the processing is Art. 6 para. 1 letter a) and b) GDPR.
      Last name, first name, title, gender (m/f/d), company name, company address (street, postcode, town), telephone number, e-mail address, if applicable also date of birth, 1st citizenship and 2nd citizenship (if existing) of the invoice recipient, method of payment, IBAN, BIC, amount in euros.
    • Onsite Visit and onsite event at DLR side
      The legal basis for the processing is Art. 6 (1) (c) and (d) GDPR.
      For all visits or onsite events that take place at a DLR site, the personal data: Last name, first name, company name, company address (street, postcode, town), telephone number, e-mail address, if applicable also date of birth, 1st citizenship and 2nd citizenship (if existing) will be transmitted to the responsible DLR site security for further processing on the legal basis of Art. 6 para. 1. letter c) and d) GDPR (Export Control and Major Accidents Ordinance) and stored for a period of 5 years after the event date.