The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data gathered when visiting our websites in compliance with applicable data protection legislation. We neither publish your data nor transmit them to third parties on an unauthorized basis.
In the following section, we explain which data we record when you visit one of our websites, and exactly how they are utilized:
A. General information
1. Scope of data processing
As a matter of principle, we gather and utilize users’ personal data only to the extent required to ensure the functioning of our website and of our contents and services. The gathering and utilization of our users’ personal data normally occurs after users have granted their consent. An exception occurs where data processing is legally permitted.
2. Legal basis of data processing
If we obtain the consent of the data subject to carry out personal data processing, the legal basis is Article 6, para. 1, lit. a EU General Data Protection Regulation (GDPR).
When it is necessary to process personal data in order to fulfil a contract whose contractual party the data subject is, the legal basis is Article 6, para. 1, lit. b GDPR. This also applies to processing operations required in order to implement pre-contractual measures.
If processing is required to safeguard the justified interest of the MPG or a third party and the interests, basic rights and basic freedoms of the affected individual do not outweigh the first-mentioned interest, Article 6 (1) lit. f GDPR serves as the basis for such processing.
3. Data deletion and storage duration
The affected individual’s personal data are deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can also occur if provided for by European or national legislators in EU regulations, acts or other legislation to which the MPG is subject. A blocking or deletion of data then occurs only if a storage period prescribed by one of the aforementioned norms expires, unless a necessity exists in relation to the further storage of the data for the arrangement of a contract or the fulfilment of a contract.
4. Contact details of the individuals responsible
The entity responsible in the meaning of the General Data Protection Regulation and other national data protection acts as well as other data protection legislation is the
Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Hofgartenstrasse 8
D-80539 Munich
Telephone: +49 (89) 2108-0
Contact form: https://www.mpg.de/contact/requests
Internet: https://www.mpg.de
5. Data Protection Manager’s contact details
The Data Protection Manager at the entity responsible is
Heidi Schuster
Hofgartenstrasse 8
D-80539 Munich
Telephone: +49 (89) 2108-1554
E-mail: datenschutz@mpg.de
B. Provision of the website and creation of log files
Each time you visit our website, our service and applications automatically record data and information from the computer system of the visiting computer.
The following data are gathered temporarily:
- Your IP address
- Date and time of your access to the website
- Address of the page visited
- Address of the previously visited website (referrer)
- Name and version of your browser/operating system (if transmitted)
These data are stored in our systems’ log files. These data are not stored together with the user’s other personal data.
The legal basis for the temporary saving of data and log files is Article 6 (1) lit. f GDPR. Storage occurs in log files in order to ensure the website’s functionality. The data also help us optimize the websites, eliminate malfunctions and ensure our IT system security. Our justified interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.
The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. In the case of the collection of the data for the purpose of providing the website, this applies when the session in question is finished. In the case of saving data in logfiles, this applies after a maximum of seven days. Saving of data beyond this period is possible. In this case, users’ IP addresses are deleted or altered so that they can no longer be attributed to the accessing client.
Data collection for the purpose of providing the website and the saving of data in logfiles are absolutely necessary in order to operate the website. It is therefore not possible for the user to object.
C. Web analysis
We use the web analytics programme Matomo (formerly Piwik) for statistical data collection in relation to utilization behaviour; this programme uses cookies and JavaScript to collect various information on your computer and transmit this automatically to us. Every time our website is accessed, our system logs the following data and information from the accessing computer system:
- IP address, anonymized by shortening
- Two cookies to differentiate different visitors (pk_id and pk_sess)
- Previously visited URL (referrer), if communicated by the browser
- Name and version of the operating system
- Name, version and language setting of the browser
Additionally, if JavaScript is activated:
- URLs visited on this website
- Times at which pages are visited
- Type of HTML queries
- Screen resolution and colour depth
- Formats and techniques supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, RealPlayer, Director, SilverLight, Google Gears)
The saving and analysis of data is carried out on a central server operated by the MPG. In addition to the central website www.mpg.de, it is also used by most Max Planck Institutes and many MPG project websites.
The legal basis for the processing of personal user data is Article 6, para. 1, lit. f GDPR. By processing personal user data we are able to analyse our users’ utilization behaviour. Analysis of the data collected enables us to compile information on the use of the individual components of our web pages. This helps us improve our websites and their user-friendliness on an ongoing basis. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR. Anonymization of the IP address sufficiently meets the users’ interest in the protection of their personal data.
The data is deleted after the final annual totals have been arrived at for access statistics.
Of course, you have the opportunity to object to your data being collected. The following independent methods are available to you if you wish to object to data collection by the central server:
1. In your browser, activate the do-not-track or do-not-follow settings. If these settings are active, our central server will not store any data relating to you. Important: The do-not-track instruction generally applies only for the device and browser in which you activate the setting. If you utilize several devices/browsers, you will need to separately activate do-not-track in all relevant locations.
2. Utilize our opt-out function. Click the following selection box https://www.mpil.de/en/pub/service/privacy-policy/data-collection.cfm in order to stop data recording or to reactivate it. If the selection box is deactivated, our central server will not store any data about you. Important: For the opt-out, we have to store a special recognition cookie in your browser. If you delete it or utilize another PC/browser, you will need to revoke data recording again on this page.
These data are not stored together with the user’s other personal data.
D. Utilization of cookies
Our website uses cookies. Cookies are text files which are saved in or by the internet browser in the user’s computer system. If a user accesses a website, a cookie can be saved on the user’s operating system. This cookie contains a characteristic string of characters which enables definitive identification of the browser the next time the website is accessed.
We use cookies in order to make our website more user-friendly. It is a technical requirement of certain elements of our website that the accessing browser can also be identified after a page change. The following data is saved and transmitted in cookies:
- Session ID
- Session data (click series, pages accessed, current language)
Both cookies are deleted when the session is closed.
The legal basis for personal data processing while utilizing cookies is Article 6 (1) lit. f GDPR and § 25 para. 2 no. 2 TTDSG. The purpose of utilizing technically necessary cookies is to simplify the utilization of websites for users. Some of our website’s functions cannot be offered without the utilization of cookies. For these, it is necessary that the browser absolutely has to be recognized after a page change. We require cookies for the following applications:
- Session ID
The user data collected by technically required cookies is not used to create user profiles.
Cookies are saved on the user’s computer and transmitted by the latter to our website. For this reason, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. Cookies which have already been saved can be deleted at any time. This can also happen on an automated basis. If cookies our deactivated for our website, the full range of functions of the website may not be entirely available for use.
On our website we also use cookies that enable analysis of utilization behaviour. For details, please read the information under C.
E. Contact form
A contact form is available on our website for the purposes of making contact electronically. If a user opts for this, the data entered in the data entry form are transmitted to us, and we save the data. These are generally your email address, family name and first name. We inform you about the specific processing of the data and we obtain your consent as part of the utilization procedure. Reference is also made to this data protection statement. The data are utilized exclusively to process the conversation.
The Google reCaptcha function is utilized in order to avoid improper use of the form. reCaptcha serves to prevent mass machine use of the contact form by inserting image-based questions which only a human being can answer. reCaptcha is an embedded JavaScript, which establishes a connection to the provider’s servers when the contact form is accessed. The provider thereby at least receives information that you have visited the contact form as well as, potentially, other information that your web browser and the device you are utilizing discloses. You can obtain information about the data processing at the provider through a reference on the contact form.
The legal basis for the processing of data when utilizing the contact form is the user’s consent pursuant to Article 6 (1) lit. a GDPR. We employ the processing of personal data from the data entry form solely to process the initiation of the contact. The data are deleted as soon as they are no longer required for the purpose for which they were gathered. This occurs if the respective conversation with the user ends or if the user’s issue has been processed conclusively. The conversation has ended if the circumstances suggest that the respective matter has been clarified conclusively. At any time, users can notify the listed contact partners that they are revoking their consent to the processing of personal data.
The legal basis for the processing of users’ personal data by reCaptcha is Article 6 (1) lit. f GDPR. reCaptcha is utilized exclusively to ensure the functionality of the contact form and to prevent improper use. Our justified interest in data processing pursuant to Article 6 (1) lit. f GDPR lies in such purposes. Utilization is essential to operate the contact form. As a consequence, users do not have an option to revoke such data recording.
F. Newsletter
1. Type of data
Our website offers users the opportunity to sign up for a free newsletter. When users sign up for the newsletter, the data from the input screen are transmitted to us. This generally consists of your email address, last name and first name. We inform you about the concrete processing of your data in the course of the sign-up process and obtain your consent accordingly. There is also a reference to this Data Privacy Statement. The data is solely used for sending out the newsletter.
We use tracking to adapt contents to the interests of the users and to measure our information activity.
The following data are collected as part of tracking:
- Successful delivery of the newsletter
- Opening of the newsletter yes/no via tracking pixels (mini graphic in the newsletter)
- Type of browser, type of operating system
- Mobile terminal or normal terminal
- User Agent (e-mail client used)
- IP address (anonymized)
- Date and time of the opening of the newsletter
- Links clicked in the newsletter
2. Legal basis
The legal basis for processing the data after a user signs up for the newsletter is the user’s consent according to Art. 6 (1) lit. a GDPR. The purpose of collecting data is to deliver the newsletter.
The legal basis for the tracking is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the evaluation of the newsletter’s success.
3. Data deletion
The user’s email address is therefore only saved for as long as the newsletter subscription is active. The newsletter subscription can be cancelled by the user in question at any time, using the unsubscribe link at the bottom of each newsletter.
G. Data transmission
The management and storage of your personal information occurs in the case of selected services
- Contact form (section E)
As part of contract data processing on the systems of Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen.
Your personal data will only be conveyed to state institutions and authorities in legally essential cases or for criminal prosecution based on attacks on our network infrastructure. The data are not transmitted to third parties for other purposes.
H. Rights of individuals affected
As an individual whose personal data are gathered as part of the aforementioned services, you have, in principle, the following rights, to the extent that no legal exceptions are applicable in individual cases:
- Information (Article 15 GDPR)
- Correction (Article 16 GDPR)
- Deletion (Article 17 (1) GDPR)
- Restriction of processing (Article 18 GDPR)
- Data transmission (Article 20 GDPR)
- Revocation of processing (Article 21 GDPR)
- Revocation of consent (Article 7 (3) GDPR)
- Right to complain to the regulator (Article 77 GDPR). For the MPG, this is the Bavarian Data Protection Authority (BayLDA), Postbox 1349, 91504 Ansbach.