Data protection information
The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data gathered when visiting our websites in compliance with applicable data protection legislation. We neither publish your data nor transmit them to third parties on an unauthorized basis. In the following section, we explain which data we record when you visit one of our websites, and exactly how they are utilized:
A. General information
1. Scope of data processing
As a matter of principle, we gather and utilize users' personal data only to the extent required to ensure the functioning of our website and of our contents and services. The gathering and utilization of our users' personal data normally occurs after users have granted their consent. An exception occurs where data processing is legally permitted.
2. Legal basis of data processing
To the extent that permission of the affected individual is obtained for the processing of personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data to fulfil a contract whose contractual party is the individual affected, Article 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing required to implement pre-contractual measures.
If processing is required to safeguard the justified interest of the MPG or a third party and the interests, basic rights and basic freedoms of the affected individual do not outweigh the first-mentioned interest, Article 6 (1) lit. f GDPR serves as the basis for such processing.
3. Data deletion and storage duration
The affected individual's personal data are deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can also occur if provided for by European or national legislators in EU regulations, acts or other legislation to which the MPG is subject. A blocking or deletion of data then occurs only if a storage period prescribed by one of the aforementioned norms expires, unless a necessity exists in relation to the further storage of the data for the arrangement of a contract or the fulfilment of a contract.
4. Contact details of the individuals responsible
The entity responsible in the meaning of the General Data Protection Regulation and other national data protection acts as well as other data protection legislation is the
Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Telephone: +49 (89) 2108-0
Contact form: https://www.mpg.de/kontakt/anfragen
5. Data Protection Manager's contact details
The Data Protection Manager at the entity responsible is
Telephone: +49 (89) 2108-1554
B. Provision of the website and creation of log files
Each time you visit our website, our service and applications automatically record data and information from the computer system of the visiting computer.
The following data are gathered temporarily:
- Your IP address
- Date and time of your access to the website
- Address of the page visited
- Address of the previously visited website (referrer)
- Name and version of your browser/operating system (if transmitted)
These data are stored in our systems' log files. These data are not stored together with the user's other personal data.
The legal basis for the temporary saving of data and log files is Article 6 (1) lit. f GDPR. Storage occurs in log files in order to ensure the website's functionality. The data also help us optimize the websites, eliminate malfunctions and ensure our IT system security. Our justified interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.
The data are deleted as soon as they are no longer required to achieve the purpose for which they were gathered. If data are gathered for the provision of the website, this is the case if the respective visit is ended. In the instance that data are stored in log files, this is the case after seven days at the latest. Storage above and beyond this period is possible. In this case, the users' IP addresses are deleted or removed so they can no longer be allocated to the visiting client.
The recording of data for the provision of the website and the storage of data in log files is essential to operate the website. As a consequence, users do not have an option to revoke such data recording.
C. Web analysis
• IP address, anonymized by shortening
• Two cookies to differentiate different visitors (pk_id and pk_sess)
• Previously visited URL (referrer), if communicated by the browser
• Name and version of the operating system
• Name, version and language setting of the browser
• URLs visited on this website
• Times at which pages are visited
• Type of HTML queries
• Screen resolution and colour depth
• Formats and techniques supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, RealPlayer, Director, SilverLight, Google Gears)
Data are stored and evaluated exclusively on a server operated by MPG. Along with the central www.mpg.de website, it is utilized by most Max Planck institutes and many of the project websites allocated to MPG.
The legal basis for the processing of users' personal data is Article 6 (1) lit. f GDPR. Processing of users' personal data enables us to analyze our users' utilization behaviour. The evaluation of the data we obtain enables us to aggregate information about the utilization of our websites' individual components. This helps us constantly improve our websites and their user-friendliness. Our justified interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes. The anonymization of the IP address sufficiently takes into consideration users' interest in the protection of their personal data.
The data are deleted after the formation of the conclusive annual sums for access statistics.
It goes that saying that you are able to revoke data gathering. You have the following possibilitiy to revoke data recording by the central server: In your browser, activate the do-not-track or do-not-follow settings. If these settings are active, our central server will not store any data relating to you. Important: The do-not-track instruction generally applies only for the device and browser in which you activate the setting. If you utilize several devices/browsers, you will need to separately activate do-not-track in all relevant locations.
D. Utilization of cookies
Our website utilizes cookies. Cookies are text files stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a sequence of characters enabling the browser to be clearly identified when visiting the website again.
We deploy cookies to make our website more user-friendly. Some elements of our website also technically require the identification of the visiting browser after a change of page. The data saved and transmitted in the cookies concerns the current session only.
The legal basis for personal data processing while utilizing cookies is Article 6 (1) lit. f GDPR. The purpose of utilizing technically necessary cookies is to simplify the utilization of websites for users. Some of our website's functions cannot be offered without the utilization of cookies. For these, it is necessary that the browser can also be re-identified following a change of page.
The cookies are deleted when the session is closed.
User data gathered by technically necessary cookies are not utilized to prepare user profiles. Our justified interest in personal data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.
Cookies are stored on the user's computer, which transmits them to our site. For this reason, you, as the user, also have full control over the utilization of cookies. You can deactivate or restrict the transmission of cookies through changing your Internet browser settings. Cookies that have already been saved can be deleted at any time. This can also occur automatically. If cookies for our website are deactivated, you may find not all of the website's functions can continue to be utilized in full.
E. Contact form
A contact form is available on our website for the purposes of making contact electronically. If a user opts for this, the data entered in the data entry form are transmitted to us, and we save the data. These are generally your email address, family name and first name. We inform you about the specific processing of the data and we obtain your consent as part of the utilization procedure. Reference is also made to this data protection statement. The data are utilized exclusively to process the conversation.
The legal basis for the processing of data when utilizing the contact form is the user's consent pursuant to Article 6 (1) lit. a GDPR. We employ the processing of personal data from the data entry form solely to process the initiation of the contact. The data are deleted as soon as they are no longer required for the purpose for which they were gathered. This occurs if the respective conversation with the user ends or if the user's issue has been processed conclusively. The conversation has ended if the circumstances suggest that the respective matter has been clarified conclusively. At any time, users can notify the listed contact partners that they are revoking their consent to the processing of personal data.
On this websites, we offer users the option to register. Clicking on the link takes you to an external page where you will be informed about the specific processing of the data and your consent obtained as part of the registration procedure. Reference is also made to this data protection statement.
The legal basis for the processing of data is the user's consent pursuant to Article 6 (1) lit. a GDPR. If registration serves to fulfil a contract whose contractual party is the user or to implement pre-contractual measures, the additional legal basis for the processing of data is Article 6 (1) lit. b GDPR. Registering the user is necessary to provide certain contents and services on our website or to fulfil a contract with the user or to implement pre-contractual measures. The data are deleted as soon as they are no longer required to achieve the purpose for which they were gathered. This is the case for data gathered during the registration process if registration is cancelled or modified on our websites. For the registration process to fulfil a contract or to implement pre-contractual measures, this is the case if the data are no longer required to fulfil the contract. After the contract ends, it may be necessary to continue to store the contractual partner's personal data in order to fulfil contractual or statutory obligations. As a user, you can cancel the registration at any time. You can have the data saved in connection with yourself modified at any time. The procedure is described in more detail in the specific registration procedure. If the data are required to fulfil a contract or to implement pre-contractual measures, early deletion of the data is possible only to the extent that no contractual or statutory obligations prevent such deletion.
G. Embedded YouTube videos
We have embedded YouTube-Videos on our website. These are stored on http://www.Youtube.com and are played directly on our website. The videos are embedded the "extended data protection mode" ie user data is transmitted to YouTube unless you play a video. Only when you play a video are data transmitted to YouTube. We have no influence on the data collected by YouTube. We embed YouTube videos out of a legitimate interests in making our site more interesting and attractive to users and to achieve a better depiction of relevant content and facts. The legal basis for using the YouTube plugin is Article 6 (1) lit. f GDPR.
H. Social media links
On our website we promote a project by c't, called "Shariff". "Shariff" replaces the typical share-buttons of social networks and thereby protects surfing behavior. "Shariff" integrates the share buttons of social networks on our website as a graphic containing a link to the appropriate social network. By clicking on the appropriate icon you will be redirected to the services of your network. The Shariff button provides direct contact between the social network and our users only when the visitor actively clicks the 'Share' button. Only then will your data be transferred to the respective social network. If, however, the Shariff button is not clicked, no exchange will be made between you and the social network. We have no influence on the data collected by the respective social media sites. For more information about the c't project "Shariff" visit: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datensc...
I. Lisamission on social media platforms
We offer online services on various social media platforms to provide information and to get in touch with you.
We have no influence on the processing of personal data by the respective platform operator. As a rule, when you visit our social media offerings, the platform operator stores cookies in your browser in which your usage behavior and/or your interests are stored for market research and advertising purposes. The usage profiles gained in this way - usually across devices - are used by the platform operators to display you personalized advertising. Data processing may also affect persons who are not registered as users of the respective social media platform. Your data may be processed outside the European Union, which may make it difficult to enforce your rights. However, when selecting such social media platforms, we make sure that the operators commit themselves to comply with EU data protection standards.
The processing of your personal data when you visit one of our social media services is based on our legitimate interests in a diverse external presentation of our company and the use of effective information and communication with you. The legal basis for this is Article 6 (1) lit. f GDPR. Under certain circumstances, you have also consented to the data processing of a platform operator, in which case Article 6 (1) lit. a GDPR is the legal basis.
Detailed information on data processing in connection with the use of our social media offers, possibilities of objection (opt-out) and the assertion of information rights can be obtained from the data protection declaration of the relevant platform operator.
Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
2. Google+/ YouTube
Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Provider: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
I. Rights of individuals affected
As an individual whose personal data are gathered as part of the aforementioned services, you have, in principle, the following rights, to the extent that no legal exceptions are applicable in individual cases:
- Information (Article 15 GDPR)
- Correction (Article 16 GDPR)
- Deletion (Article 17 (1) GDPR)
- Restriction of processing (Article 18 GDPR)
- Data transmission (Article 20 GDPR)
- Revocation of processing (Article 21 GDPR)
- Revocation of consent (Article 7 (3) GDPR)
- Right to complain to the regulator (Article 77 GDPR).
For the MPG, this is the Bavarian Data Protection Authority (BayLDA), Postbox 606, 91511 Ansbach.