1 Personal data
If you would like to use the DFS Deutsche Flugsicherung GmbH Special use of airspace website, we will ask you for certain personal data necessary for the provision of our service. This personal data will be used for the following activities as part of our service; we will not process the data outside the specified activities.
- If you wish to obtain a permit for the release of balloons or sky lanterns, your personal data (surname, first name, e-mail, mobile phone, place of release (address), date, duration, number of balloons/lanterns) will be processed automatically and forwarded to the person responsible for the airspace for a manual check, if necessary. The person responsible for the airspace may not be an employee of DFS Deutsche Flugsicherung GmbH. In such a case, your personal data will be forwarded to a third party. Your application will nevertheless be held in our system.
- If you wish to apply for a permit for photo flights, the corresponding application will be forwarded to the responsible DFS branch and processed there.
2 Scope of personal data processing
We collect and use our users' personal data only to provide a functional website and as required for our contents and services. We only collect and use our users' personal data with their permission. The only exception in these cases is when the data subject's prior consent is not possible and processing of the data is required by law.
3 Legal basis for processing personal data
Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data provided that we have obtained the data subject's consent for processing their personal data.
Article 6(1)(c) of the GDPR is the legal basis if the processing of personal data is necessary for compliance with a legal obligation to which DFS Deutsche Flugsicherung GmbH is subject.
4 Data erasure and retention period
The data subject's personal data will be erased as soon as the purpose for which the data were retained is no longer necessary. The data may also be retained if this was provided for by the European or national legislatures in EU regulations, laws or other provisions to which the data controller is subject.
5 Provision of a website and creation of log files
5.1 Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the visiting computer's system. The following data are collected:
- Information about the browser type and version used
- The user's operating system
- The user's internet service provider
- The user's IP address
- Date and time of the access
- Websites used by the user's system to access the website
- Websites that were accessed through our website by the user's system
The data are also stored in our system's log files. This data will not be stored together with the user's other personal data.
5.2 Legal basis for data processing and purpose of the data processing
Art. 6(1) read in conjunction with Art. 32(1) of the GDPR is the legal basis for the temporary retention of your data and log files.
The temporary retention of your IP address by the system is necessary to facilitate delivery of the website to the user's computer. To do this, the user's IP address must be retained for the duration of the session.
The data are stored in log files in order to ensure that the website functions properly. The data also help us optimise the website contents and ensure the security of our IT systems. We will not use the data for marketing purposes in any way.
5.3 Retention period
The data will be erased as soon as they are no longer needed for the purpose for which they were collected. If the data are collected to facilitate provision of the website, they will be erased once the session has ended.
When the data are stored in log files, the data will be erased no later than after 180 days. Storing the data for longer is possible, but in this case the users' IP addresses will be anonymised so that they can no longer be allocated to the requesting client.
6.1 Description and scope of data processing
The following data are stored in the cookies:
- Language settings
- Login information
In doing so, the following data may be stored:
- Frequency of site visits
- Use of website functions
The user's data that are collected will be anonymised using certain technological measures. The data will not be stored with any of the users' personal data.
6.2 Legal basis for data processing and purpose of data processing
Art. 32 of the GDPR is the legal basis for the processing of your personal data when using cookies.
The purpose of using technically necessary cookies is to make it easier for users to use websites. Some of the functions of our website cannot be offered without using cookies. To do this, it is necessary that the browser can be identified even after leaving the page.
We require cookies for the following applications:
- Using language settings
- Server assignment
The user data collected by technically necessary cookies are not used to create user profiles.
Analysis cookies are used to improve the quality of our website and its contents. Thanks to analysis cookies, we learn how the website is used and can continuously optimise the contents.
6.3 Retention period, right of objection and erasure
7.1 Description and scope of data processing
The user must register by entering his/her personal data on our website. The data are entered into an input mask, transmitted to us, and stored. The data are not disclosed to third parties. The following data are collected during the registration process:
- Personal form of address
- First and last name
- E-mail address
- Phone number and cell phone number
- Fax number
- Aircraft identification
The user's consent to data processing is obtained during the registration process.
7.2 Legal basis for data processing
The data are processed on the legal basis of Art. 6(1)(f) of the GDPR while providing air navigation services.
7.3 Purpose of data processing
The user is required to register because he/she uses the air navigation service and therefore the mandatory legal recordings.
7.4 Retention period
DFS Deutsche Flugsicherung GmbH will automatically deactivate the account one year after the last login. If the account is not reactivated within the next two months, the account and all of the personal data will be erased by DFS Deutsche Flugsicherung GmbH at the end of that month. You may create a new account after that at any time.
7.5 Right of objection and erasure
As the user, you have the option to cancel your registration at any time. Due to legal recordings, the data shall be erased one month after the cancellation request. You may amend your stored personal data at any time.
8 Rights of the data subject
If your personal data is being processed, then you are considered to be a data subject within the meaning of the GDPR and you have the following rights concerning the controller:
8.1 Right of access
You have the right to obtain confirmation from the controller as to whether or not personal data concerning you are being processed.
If that is the case, you may request access to the following information from the controller:
- The purposes for which the personal data are being processed;
- The categories of personal data that are being processed;
- The recipient or categories of recipients to whom the personal data have been or will be disclosed;
- The envisaged retention period for which your personal data will be stored or, if no concrete information is available on this, the criteria used to determine the retention period;
- The existence of the right to request from the controller rectification or erasure of the personal data or restriction of processing the personal data or to object to the data processing;
- The existence of a right to lodge a complaint with a supervisory authority;
- All available information about the source of the data if the personal data were not collected from the data subject;
- The existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) of the GDPR and – at least in those cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of this processing for the data subject.
You have the right to be informed of whether your personal data will be transferred to a third country or an international organisation. In this context, you may request that you be informed of the appropriate safeguards pursuant to Art. 46 of the GDPR relating to the transfer.
8.2 Right to rectification
You have the right to have the personal data rectified and/or completed by the controller, provided that the processed personal data are inaccurate or incomplete. The controller must make the corrections without undue delay.
8.3 Right to restriction of data processing
You have the right to obtain restriction of processing your personal data under the following conditions:
- If you contest the accuracy of your personal data for a period of time that enables the controller to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of your personal data and instead request the restriction of its use;
- The controller no longer needs the personal data for the specified purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
- If you have objected to processing pursuant to Art. 21(1) of the GDPR pending the verification of whether the legitimate grounds of the controller override your grounds.
If processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If restriction of processing has been obtained pursuant to the above conditions, you will be informed by the controller before the restriction of processing is lifted.
8.4 Right to notification
If you have notified the controller of your right to rectification, erasure or restriction of processing, the controller shall be obliged to communicate the rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right for the controller to inform you about those recipients.
8.5 Right to data portability
You have the right to receive your personal data that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, where:
- The processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) and
- The processing is carried out by automated means.
In exercising this right to data portability, you shall also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
8.6 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
You have the option in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.
8.7 Right to withdraw your consent for data processing
You have the right to withdraw your consent for data processing at any time. Withdrawing your consent shall not affect the lawfulness of the processing performed based on your consent before the consent was withdrawn.
8.8 Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
- Is necessary for entering into, or performance of, a contract between the data subject and a data controller,
- Is authorised by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests or
- Is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Art. 9(1) of the GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.
In the cases referred to in points 1. and 3., the data controller shall implement suitable measures to safeguard your rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
8.9 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with the supervisory authority for data protection at DFS Deutsche Flugsicherung GmbH (the Federal Commissioner for Data Protection and Freedom of Information) if you think that the processing of personal data relating to you is in violation of the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.
9 SSL encryption
This website uses SSL encryption for security reasons and to protect the transmission of confidential information. You can recognise that you have a secure and encrypted connection by the padlock symbol in the status bar of the browser and the URL address will change from
https://. Thanks to the SSL encryption, third parties do not have access to the data you send to DFS Deutsche Flugsicherung GmbH.
10 Links to other websites
The website of DFS Deutsche Flugsicherung GmbH contains links to other websites that are not operated by or the responsibility of DFS Deutsche Flugsicherung GmbH. DFS Deutsche Flugsicherung GmbH is not responsible for the content of and compliance with data protection rules on these other websites.
11 Contact information and data protection officer
The responsible body within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
DFS Deutsche Flugsicherung GmbH
Am DFS-Campus 10
Tel.: +49 (0)6103-707-0
The company's data protection officer is:
Dr Frank Schury
Am DFS-Campus 10
Tel.: +49 (0)6103-707-4220
If you would like to contact DFS Deutsche Flugsicherung GmbH by e-mail, you can protect your communication with PGP/GPG encryption by encrypting the e-mails using DFS Deutsche Flugsicherung GmbH's public key, which you will find at: https://www.dfs.de/dfs/public_key.asc