General Information on Data Protection when Visiting Our Websites

Please note that apart from this general information, further specific information applies. You can find this information in the respective sections at dfs.de.

Data protection
We attach particular importance to the protection of your privacy. Of course, this also applies to your visit to our website. We therefore act in accordance with the applicable laws on personal data and data security. The following sections will give you more information as to which personal data we may collect and how we may store them.

Legal basis
We base the processing and protection of data on our websites in particular on Article 6(1) (b) and (e) of the EU General Data Protection Regulation (GDPR).

General data
When you access DFS websites, general information will be automatically stored in a log file. This can be information concerning the type of web browser, the operating system used or the domain name of your internet service provider. None of these data allows any conclusions to be drawn about your person. Furthermore, such data are also generated once you access any other website on the internet. Thus, these data are not only collected on DFS websites. We exclusively collect anonymised data, which are then used for the purpose of statistical evaluations and error analysis.

Personal data
If you wish to make use of any of our customised services or send us a message via our Contact page or subscribe to our newsletter, we will ask you for certain personal data which we require to provide the services requested.

You will find such information on the relevant forms. In this way, we also meet our specific obligations to provide information. We will not pass on your data to third parties. In addition to the data you provide, we also consider the way you use our services in order to provide you with information of interest to you as quickly as possible and to continuously optimise our services.

Recipients of personal data
The data recipient is the DFS Systems House.

Scope of personal data processing
We collect and use our users' personal data only to provide a functional website and as required for our contents and services.

In addition, it is in our legitimate interest to continuously improve our online offer and make it more attractive to you. Only if we know which parts of our website are visited most, can we optimise the contents to better suit your needs. The better we know your requirements, the easier it will be for you to find what you are looking for.

Provision of a website and creation of log files
Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the visiting computer's system. The following data are collected:

  1. Information about the browser type and version used
  2. The user's operating system
  3. The user's internet service provider
  4. The user's IP address
  5. Date and time of the access
  6. Websites used by the user's system to access the website
  7. Websites that were accessed through our website by the user's systemThe data are also stored in our system's log files.

This data will not be stored together with the user's other personal data.

Legal basis for data processing and purpose of data processing
Art. 32 of the GDPR is the legal basis for the temporary retention of your data and log files.
The temporary retention of your IP address by the system is necessary to facilitate delivery of the website to the user's computer. To do this, the user's IP address must be retained for the duration of the session.
The data are stored in log files in order to ensure that the website functions properly. The data also help us optimise the website contents and ensure the security of our IT systems. We will not use the data for marketing purposes in any way.

Retention period
The data will be erased as soon as they are no longer needed for the purpose for which they were collected. If the data are collected to facilitate provision of the website, they will be erased once the session has ended.
When the data are stored in log files, the data will be erased no later than after 180 days. Storing the data for longer is possible, but in this case the users' IP addresses will be anonymised so that they can no longer be allocated to the requesting client.

Tracking
By enabling tracking protection (the do-not-track function) in your browser, you can exercise your right to object to this recording of data. In this case, your data will not be recorded. Otherwise, by using our website you consent to us capturing certain data, and processing and using the data for the above-mentioned purpose. In return, we undertake only to collect those data that are absolutely necessary and to protect them at all times. We would like to emphasise that we will not pass on your data to third parties or use them for marketing purposes in any way.

Cookies
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user visits a website, cookies may be stored on the user's operating system. This cookie contains a character string that allows the site to uniquely identify the browser when the user visits the site again.

We use cookies to make our website user-friendly. Some elements on our website require that the browser be identified even after leaving the page.

The following data are stored in the cookies:

  1. Language settings
  2. Login information

We also use cookies on our website to analyse the user's surfing behaviour. In doing so, the following data may be stored:

  1. Frequency of site visits
  2. Using website functions

The user's data that are collected will be automatically anonymised. The data will not be stored with any of the user’s personal data.

If you do not want us to recognise your computer, please set up your internet browser in such a way that it deletes all cookies from your hard drive, blocks them or warns you before a cookie is stored.

Option
We would like to use your data to provide you with news about DFS as well as new products and services. Of course, you are not obliged to agree to such updates. If you do not wish to receive any of this information from DFS, you may let us know at any time using the link at the bottom of the sent message so that we can block your data accordingly. You will find further information on the relevant website.

Security of your personal data
DFS takes technical and organisational measures in order to protect your personal data from access and misuse. Any transmitted personal data will be protected by encryption, such as the TLS/SSL protocol (transport layer security/secure sockets layer).

We continuously revise these security measures to take account of technological advances and applicable legal provisions.

Changes to our privacy policy
We reserve the right to continuously update our privacy policy in order to take into account changes in legislation or jurisdiction. We therefore recommend that you visit the relevant websites on a regular basis in order to keep informed about the protection and processing of your data.

Your rights

Right of access
You have the right to obtain confirmation from us, the controller for these websites, as to whether or not personal data concerning you are being processed.

If that is the case, you may request access to the following information from the controller:

  1. The purposes for which the personal data are being processed;
  2. The categories of personal data that are being processed;
  3. The recipient or categories of recipients to whom the personal data have been or will be disclosed;
  4. The envisaged retention period for which your personal data will be stored or, if no concrete information is available on this, the criteria used to determine the retention period;
  5. The existence of the right to request from the controller rectification or erasure of the personal data or restriction of processing the personal data or to object to the data processing;
  6. The right to lodge a complaint with a supervisory authority;
  7. All available information about the source of the data if the personal data were not collected from the data subject;
  8. The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and – at least in those cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of this processing for the data subject.

You have the right to be informed of whether your personal data will be transferred to a third country or an international organisation. In this context, you may request that you be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.

Right to rectification
You have the right to have the personal data rectified and/or completed by the controller, provided that the processed personal data are inaccurate or incomplete. The controller must make the corrections without undue delay.

Right to restriction of data processing
You have the right to restrict the processing your personal data under the following conditions:

  1. If you contest the accuracy of your personal data for a period of time that enables the controller to verify the accuracy of the personal data;
  2. The processing is unlawful and you oppose the erasure of your personal data and instead request the restriction of its use;
  3. The controller no longer needs the personal data for the specified purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
  4. If you have objected to processing pursuant to Art. 21(1) of the GDPR pending the verification of whether the legitimate grounds of the controller override your grounds.

If processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

If restriction of processing has been obtained pursuant to the above conditions, you will be informed by the controller before the restriction of processing is lifted.

Right to erasure
a) Obligation to erase personal data
You can request that the controller erase your personal data. Regardless of such a request, your data will be erased when the legal requirements for such an erasure are met.

b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of all links to, or copy or replication of, those personal data.

c) Exemptions
The right to erasure shall not apply to the extent that processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Article 9(3) of the GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

Right to notification
If you have notified the controller of your right to rectification, erasure or restriction of processing, the controller shall be obliged to communicate the rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right for the controller to inform you about those recipients.

Right to data portability
You have the right to receive your personal data that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, where:

  1. The processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) and
  2. the processing is carried out by automated means.

In exercising this right to data portability, you shall also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6(1)(e) of the GDPR.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with the supervisory authority for data protection at DFS Deutsche Flugsicherung GmbH if you think that the processing of personal data relating to you is in violation of the GDPR. The competent supervisory authority for DFS is the Federal Commissioner for Data Protection and Freedom of Information.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.

Links to other websites
The website of DFS Deutsche Flugsicherung GmbH contains links to other websites that are neither operated by nor the responsibility of DFS Deutsche Flugsicherung GmbH. DFS Deutsche Flugsicherung GmbH is not responsible for the content of and compliance with data protection rules on these other websites.

Contact information and data protection officer
The responsible body within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

DFS Deutsche Flugsicherung GmbH
Headquarters
Am DFS-Campus 10
63225 Langen
Germany

Managing Director:
Dirk Mahns (Acting Chairman)

The company's data protection officer is:
Dr Frank Schury
Am DFS-Campus 10
63225 Langen
Germany
Tel.: +49 (0)6103/707-4220 and 707-4223 (deputy)
E-mail: datenschutzbeauftragter@dfs.de