We attach particular importance to the protection of your privacy. This also applies to your visit to this website. That is why we conduct our activities in compliance with the relevant rules and regulations on the protection of personal data and data security. In the following, we specify the information we collect, where applicable, and how we process it.
2. Legal bases
Point (b) of Article 6(1) of the General Data Protection Regulation (GDPR) is the legal basis for the processing and protection of personal data on our websites.
3. What data are collected and how are they used?
The data are collected and processed for the following purposes:
- promoting safety and traffic management
- facilitating the safe flight of drones through validation support for drone flights
- supporting the planning of drone flights
Type of data collected
The following data are collected for using the contact form:
- surname, first name, email address
The following data are collected for using the website:
- browser type and version used, IP address, date and time of use
Server log files
Data are stored in log files to ensure the functionality of the website. Moreover, we use these data to optimize the website and to ensure the security of our information technology systems. In this context, the data are not evaluated for marketing purposes.
4. General data
When accessing these web pages, a log file automatically captures information of a general nature. This information includes for example the type of internet browser, the operating system used or the domain name of your Internet Service Provider. This exclusively concerns information which does not permit any conclusions to be drawn as to the person to which it relates. Besides, these data are also generated when accessing any other website on the internet. Therefore, this is not a specific function of the dipul website. Information of this kind is collected exclusively in a depersonalized form and used by us for statistical evaluations and for error analysis.
If you want to view your current location on the map and activate the relevant function in the Map Tool, the Geolocation API of your internet browser will be used with your consent. If you use a device with GPS support, the current location can be determined more precisely with the aid of the GPS module. Your location data will only be collected and used via the Geolocation API of your internet browser if you activate the positioning function by clicking on the relevant field. These data are used to align the map display and mark your location there.
We use the HERE Global B.V. system for the Map Tool. This allows us to offer you further visualization functions when you use the map function. When you use the Map Tool, HERE Global B.V. is informed that you have accessed the relevant website. Moreover, the coordinates of the current map section – and thus the location of the user – are transferred to activate the technical function.
5. Recipient of the data
DFS Deutsche Flugsicherung GmbH (German Air Navigation Services) is the recipient of the general data. When you use the Map Tool, we transfer the data which the service providers require in order to perform these services.
6. Access to data
Only the commissioned undertakings, Deutsche Flugsicherung GmbH and Unifly, have access to the data, since they are essential for the provision of their services. The commissioned undertakings were contractually obliged to use the data exclusively for the performance of the contract with DFS in accordance with Article 28 of the GDPR and not for their own purposes. Furthermore, the commissioned undertakings assure that the data will not leave the European Economic Area (EEA).
7. Scope and dissemination of personal data
In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functioning website as well as for our website contents and services.
8. Legal basis for data processing
The legal basis for the temporary storage of the data and log files is Article 32 of the GDPR. The temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the web session.
9. Duration of storage
Personal data will be processed and stored for as long as this is necessary to fulfil our contractual and legal obligations and to serve the purpose of processing. If the data are no longer required for the fulfilment of contractual or legal obligations or if the purpose of data storage ceases to be relevant, they will be erased in accordance with the regulatory requirements, unless further temporary processing is necessary for the following reasons:
- compliance with storage obligations under commercial and tax law, which may arise, for example from the Commercial Code and the Fiscal Code. The periods specified therein for the storage or documentation of data are, as a rule, 2 to 10 years.
- preservation of evidence within the scope of the rules on limitation periods. In accordance with sections 195 et seqq. of the German Civil Code, the period of limitation is 3 years.
11. Security of personal data
DFS Deutsche Flugsicherung GmbH uses technical and organizational means to protect your personal data against access and misuse. When transferring personal data, these data are encrypted and protected by the TLS/SSL protocol (Transport Layer Security/Secure Sockets Layer). We always keep these precautions up to date in line with the technological development and while taking account of the relevant rules and regulations.
12. Amendment of the privacy statement
We reserve the right to continuously update this privacy statement in order to incorporate changes in legislation or court rulings. We therefore recommend to regularly access the relevant websites so as to be informed about the security and processing of your data.
As a data subject, you have the following rights:
Right to information
As the controller of these websites we are obliged, at your request, to confirm whether we process any of your personal data.
If we process such data, you can request to be informed by the controller about the following:
- the purposes for which the personal data are processed;
- the categories of personal data processed;
- the recipients and/or categories of recipient to whom your personal data have been or will be disclosed;
- the planned period for which your personal data will be stored, or, if specific information cannot be provided, the criteria used for determining that period;
- the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making including profiling referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
- whether your personal data is transferred to third countries or to international organizations. In this context, you may request to be informed about the appropriate safeguards referred to in Article 46 of the GDPR applying to such transfers.
Right to rectification
You have the right to obtain from the controller the rectification and/or completion of your personal data processed if they are inaccurate or incomplete. The controller must rectify these data without delay.
Right to restriction of processing
You may request the restriction of processing of your personal data under the following conditions:
- if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims;
- if you have objected to processing pursuant to Article 21(1) of the GDPR, pending the verification whether the legitimate reasons of the controller override your reasons.
Where processing of your personal data has been restricted, such personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing pursuant to the above conditions, you will be informed by the controller before the restriction of processing is lifted.
Right to erasure
You have the right to obtain from the controller the erasure of your personal data under the following conditions:
- Obligation to erase personal data
You have the right to obtain from the controller the erasure of your personal data. Irrespective of this, your data will be erased if the relevant statutory conditions are fulfilled.
- Information to third parties
Where the controller has made your personal data public and is obliged pursuant to Article 17(1) of the GDPR to erase them, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested the erasure by such controller of any links to, or copy or replication of, those personal data.
The right to erasure does not apply if:
- processing is necessary for exercising the right of freedom of expression and information;
- processing serves the purpose of complying with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- there are reasons in the public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
- there are the following reasons: for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, in so far as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or for the establishment, exercise or defence of legal claims.
Right to information
If you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or the restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right vis-à-vis the controller to be informed about these recipients.
Right to data portability
You have the right to receive your personal data which you have provided to the controller, in a structured, commonly used and machine-readable format. Moreover, you have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided if the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of others. The exercise of the right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, which is based on points (e) and (f) of Article 6(1) of the GDPR.
The controller will no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority for data protection of DFS Deutsche Flugsicherung GmbH, if you believe that the processing of your personal data infringes the GDPR. The supervisory authority responsible for DFS is the Federal Commissioner for Data Protection and Freedom of Information. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
14. Links to other websites
The web pages contain external links to other websites which are neither operated nor controlled by DFS Deutsche Flugsicherung GmbH. DFS Deutsche Flugsicherung GmbH is not responsible for content and compliance with the data protection provisions on these other websites.
15. Contact details and data protection authority
The controller within the meaning of the GDPR and other national data protection legislation of the Member States as well as other data protection provisions is:
DFS Deutsche Flugsicherung GmbH
Am DFS-Campus 10
CEO: Arndt Schoenemann
The contact details of the data protection officer are:
Dr Frank Schury
Am DFS-Campus 10
Group Data Protection Officer: Dr Frank Schury
Deputy Group Data Protection Officer: Riko Pieper
As at: 10 November 2021