1 Personal data
If you would like to use the DFS Deutsche Flugsicherung GmbH Aeronautical Information Service website, we will ask you for certain personal data necessary for the provision of our service. This personal data will be used for the following activities as part of our air navigation service; we will not process the data outside the specified activities.
- The required personal data in the flight plan forms or PIB requests are forwarded to the relevant units (depending on your flight plan, it could be the involved ANSPs, who may also be located outside the EU) and kept by DFS Deutsche Flugsicherung GmbH for 30 days in the context of legal recordings.
- The AIS‑C will contact you by phone if there are any questions about the flight plan.
- You have the option to create your own custom templates for flight plans or briefings. These templates will be stored and available for you in your account.
- If the AIS‑C contacts you, your phone number will be used to display your name in the call centre agent for the briefing officers.
- If you request a pre-flight briefing from us, we will use your personal data to determine how you prefer the PIB to be sent to you. To do this, your relevant personal data will be sent to the European AIS Database (EAD) and processed there.
- If you would like to receive a pre-flight briefing by fax, the EAD will forward the PIB and your fax number via e-mail to massenversand.de, where the e-mail will be converted into a fax.
- If you are filing a flight plan and have requested that the confirmation be sent to you in a text message, then your telephone number and the flight plan will be sent to the EAD. The EAD will automatically send the flight plan status messages via e-mail to massenversand.de, which will read the e-mail and send you the text.
- The personal data will be used to contact you in the INCERFA (uncertainty phase) of the alerting service in accordance with ICAO Annex 11. If the alerting service is unable to contact you, your personal data will be forwarded to the ATC supervisor to take further action.
- All data entered in the "ATFMX application" form will be sent by e-mail to the competent authority, the Federal Supervisory Office for Air Navigation Services (BAF).
- Your personal data will be used to send you a questionnaire so that you can participate in our annual customer satisfaction survey as part of our quality assurance measures in accordance with ISO 9001:2015.
- In rare cases, DFS Deutsche Flugsicherung GmbH may use your personal data to contact you with questions during error analysis.
- DFS Deutsche Flugsicherung GmbH may also use your personal data for statistical surveys to improve our aeronautical information service. The results of these statistical surveys do not enable us to make any conclusions regarding individual persons' behaviour or data.
2 Scope of personal data processing
We collect and use our users' personal data only to provide a functional website and as required for our contents and services. We only collect and use our users' personal data with their permission. The only exception in these cases is when the data subject's prior consent is not possible and processing of the data is required by law.
3 Legal basis for processing personal data
Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data provided that we have obtained the data subject's consent for processing their personal data.
Article 6(1)(c) of the GDPR is the legal basis if the processing of personal data is necessary for compliance with a legal obligation to which DFS Deutsche Flugsicherung GmbH is subject.
Article 6(1)(d) of the GDPR is the legal basis if the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person.
4 Data erasure and retention period
The data subject's personal data will be erased as soon as the purpose for which the data were retained is no longer necessary. The data may also be retained if this was provided for by the European or national legislatures in EU regulations, laws or other provisions to which the data controller is subject.
5 Provision of a website and creation of log files
5.1 Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the visiting computer's system. The following data are collected:
- Information about the browser type and version used
- The user's operating system
- The user's internet service provider
- The user's IP address
- Date and time of the access
- Websites used by the user's system to access the website
- Websites that were accessed through our website by the user's system
The data are also stored in our system's log files. This data will not be stored together with the user's other personal data.
5.2 Legal basis for data processing and purpose of the data processing
Art. 6(1)(f) read in conjunction with Art. 32(1)(d) of the GDPR is the legal basis for the temporary retention of your data and log files.
The temporary retention of your IP address by the system is necessary to facilitate delivery of the website to the user's computer. To do this, the user's IP address must be retained for the duration of the session.
The data are stored in log files in order to ensure that the website functions properly. The data also help us optimise the website contents and ensure the security of our IT systems. We will not use the data for marketing purposes in any way.
5.3 Retention period
The data will be erased as soon as they are no longer needed for the purpose for which they were collected. If the data are collected to facilitate provision of the website, they will be erased once the session has ended.
When the data are stored in log files, the data will be erased no later than after 180 days. Storing the data for longer is possible, but in this case the users' IP addresses will be anonymised so that they can no longer be allocated to the requesting client.
6.1 Description and scope of data processing
The following data are stored in the cookies:
- Language settings
- Login information
- Server assignment
Art. 32(1)(d) of the GDPR is the legal basis for the processing of your personal data when using cookies.
The purpose of using technically necessary cookies is to make it easier for users to use websites. Some of the functions of our website cannot be offered without using cookies. To do this, it is necessary that the browser can be identified even after leaving the page.
We require cookies for the following applications:
- Language settings
- Login information
- Server assignment
The user data collected by technically necessary cookies are not used to create user profiles.
6.3 Retention period, right of objection and erasure
7.1 Description and scope of data processing
The user must register by entering his/her personal data on our website. The data are entered into an input mask, transmitted to us, and stored. The data are not disclosed to third parties. The following data are collected during the registration process:
- Personal form of address
- First and last name
- E-mail address
- Phone number and cell phone number
- Fax number
- Aircraft identification
The user's consent to data processing is obtained during the registration process.
7.2 Legal basis for data processing
The legal basis for processing the data is the existence of the user's consent pursuant to Art. 6(1)(a) of the GDPR.
The data are processed on the legal basis of Art. 6(1)(f) of the GDPR while providing air navigation services.
7.3 Purpose of data processing
The user is required to register because he/she uses the air navigation service and therefore the mandatory legal recordings.
7.4 Retention period
DFS Deutsche Flugsicherung GmbH will automatically deactivate the account one year after the last login. If the account is not reactivated within the next two months, the account and all of the personal data will be erased by DFS Deutsche Flugsicherung GmbH at the end of that month. You may create a new account after that at any time.
7.5 Right of objection and erasure
As the user, you have the option to cancel your registration at any time. Due to legal recordings, the data shall be erased one month after the cancellation request. You may amend your stored personal data at any time.
8 Rights of the data subject
If your personal data is being processed, then you are considered to be a data subject within the meaning of the GDPR and you have the following rights concerning the controller:
8.1 Right of access
You have the right to obtain confirmation from the controller as to whether or not personal data concerning you are being processed.
If that is the case, you may request access to the following information from the controller:
- The purposes for which the personal data are being processed;
- The categories of personal data that are being processed;
- The recipient or categories of recipients to whom the personal data have been or will be disclosed;
- The envisaged retention period for which your personal data will be stored or, if no concrete information is available on this, the criteria used to determine the retention period;
- The existence of the right to request from the controller rectification or erasure of the personal data or restriction of processing the personal data or to object to the data processing;
- The existence of a right to lodge a complaint with a supervisory authority;
- All available information about the source of the data if the personal data were not collected from the data subject;
- The existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) of the GDPR and – at least in those cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of this processing for the data subject.
You have the right to be informed of whether your personal data will be transferred to a third country or an international organisation. In this context, you may request that you be informed of the appropriate safeguards pursuant to Art. 46 of the GDPR relating to the transfer.
8.2 Right to rectification
You have the right to have the personal data rectified and/or completed by the controller, provided that the processed personal data are inaccurate or incomplete. The controller must make the corrections without undue delay.
8.3 Right to restriction of data processing
You have the right to obtain restriction of processing your personal data under the following conditions:
- If you contest the accuracy of your personal data for a period of time that enables the controller to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of your personal data and instead request the restriction of its use;
- The controller no longer needs the personal data for the specified purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
- If you have objected to processing pursuant to Art. 21(1) of the GDPR pending the verification of whether the legitimate grounds of the controller override your grounds.
If processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If restriction of processing has been obtained pursuant to the above conditions, you will be informed by the controller before the restriction of processing is lifted.
8.4 Right to erasure
a) Obligation to erase personal data
You can request that the controller erase your personal data after one month, and the controller is obligated to erase this data after a month provided one of the following reasons applies:
- The personal data is no longer necessary for the purpose for which it was originally collected or processed.
- You withdraw your consent on which the processing was legally based pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
- You object to the processing of your data pursuant to Art. 21(1) of the GDPR and there is no overriding legitimate interest to continue this processing, or you object to the processing pursuant to Art. 21(2) of the GDPR.
- Your personal data were processed unlawfully;
- Erasure of the personal data is necessary to fulfil a legal obligation according to European Union law or the laws of a Member State to which the controller is subject.
- Your personal data were collected in relation to the offer of information society services pursuant to Art. 8(1) of the GDPR.
b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of all links to, or copy or replication of, those personal data.
The right to erasure shall not apply to the extent that processing is necessary:
- For exercising the right of freedom of expression and information;
- For compliance with a legal obligation which requires processing by European Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- For reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) of the GDPR;
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- For the establishment, exercise or defence of legal claims.
8.5 Right to notification
If you have notified the controller of your right to rectification, erasure or restriction of processing, the controller shall be obliged to communicate the rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right for the controller to inform you about those recipients.
8.6 Right to data portability
You have the right to receive your personal data that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, where:
- The processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) and
- The processing is carried out by automated means.
In exercising this right to data portability, you shall also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
8.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
You have the option in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.
8.8 Right to withdraw your consent for data processing
You have the right to withdraw your consent for data processing at any time. Withdrawing your consent shall not affect the lawfulness of the processing performed based on your consent before the consent was withdrawn.
8.9 Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
- Is necessary for entering into, or performance of, a contract between the data subject and a data controller,
- Is authorised by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests or
- Is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Art. 9(1) of the GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.
In the cases referred to in points 1. and 3., the data controller shall implement suitable measures to safeguard your rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
8.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with the supervisory authority for data protection at DFS Deutsche Flugsicherung GmbH (the Federal Commissioner for Data Protection and Freedom of Information) if you think that the processing of personal data relating to you is in violation of the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.
9 SSL encryption
This website uses SSL encryption for security
reasons and to protect the transmission of confidential information. You can
recognise that you have a secure and encrypted connection by the padlock symbol
in the status bar of the browser and the URL address will change from
https://. Thanks to the SSL encryption,
third parties do not have access to the data you send to DFS Deutsche
10 Links to other websites
The website of DFS Deutsche Flugsicherung GmbH contains links to other websites that are not operated by or the responsibility of DFS Deutsche Flugsicherung GmbH. DFS Deutsche Flugsicherung GmbH is not responsible for the content of and compliance with data protection rules on these other websites.
11 Contact information and data protection officer
The responsible body within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
Am DFS-Campus 10
Tel.: +49 (0)6103-707-0
For technical support contact:
DFS Deutsche Flugsicherung GmbH
Aeronautical Information Service Centre (AIS-C)
Am DFS-Campus 1
Tel.: +49 (0)6103-707-5500 (the call will be
The company's data protection officer is:
Dr Frank Schury
Am DFS-Campus 10
If you would like to contact DFS Deutsche Flugsicherung GmbH by e-mail, you can protect your communication with PGP/GPG encryption by encrypting the e-mails using DFS Deutsche Flugsicherung GmbH's public key, which you will find at: https://www.dfs.de/dfs/public_key.asc