Data protection information
The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data gathered when visiting our websites in compliance with applicable data protection legislation. We neither publish your data nor transmit them to third parties on an unauthorized basis. In the following section, we explain which data we record when you visit one of our websites, and exactly how they are utilized:
A. General information
1. Scope of data processing
As a matter of principle, we gather and utilize users' personal data only to the extent required to ensure the functioning of our website and of our contents and services. The gathering and utilization of our users' personal data normally occurs after users have granted their consent. An exception occurs where data processing is legally permitted.
2. Legal basis of data processing
To the extent that permission of the affected individual is obtained for the processing of personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data to fulfil a contract whose contractual party is the individual affected, Article 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing required to implement pre-contractual measures.
If processing is required to safeguard the legitimate interest of the MPG or a third party and the interests, basic rights and basic freedoms of the affected individual do not outweigh the first-mentioned interest, Article 6 (1) lit. f GDPR serves as the basis for such processing.
3. Data deletion and storage duration
The affected individual's personal data are deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can also occur if provided for by European or national legislators in EU regulations, acts or other legislation to which the MPG is subject. A blocking or deletion of data then occurs only if a storage period prescribed by one of the aforementioned norms expires, unless a necessity exists in relation to the further storage of the data for the arrangement of a contract or the fulfilment of a contract.
4. Contact details of the controller
The entity responsible,”the controller”, in the meaning of the General Data Protection Regulation and other national data protection acts as well as other data protection legislation is the
Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Telephone: +49 (89) 2108-0
Contact form: https://www.mpg.de/contact/requests
5. Data Protection Officer's contact details
The Data Protection Officer at the entity responsible is
Telephone: +49 (89) 2108-1554
B. Provision of the website and creation of log files
Each time you visit our website, our service and applications automatically record data and information from the computer system of the visiting computer.
The following data are gathered temporarily:
- Your IP address
- Date and time of your access to the website
- Address of the page visited
- Address of the previously visited website (referrer)
- Name and version of your browser/operating system (if transmitted)
These data are stored in our systems' log files. These data are not stored together with the user's other personal data.
The legal basis for the temporary saving of data and log files is Article 6 (1) lit. f GDPR. Storage occurs in log files in order to ensure the website's functionality. The data also help us optimize the websites, eliminate malfunctions and ensure our IT system security. Our legitimate interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.
The data are deleted as soon as they are no longer required to achieve the purpose for which they were gathered. If data are gathered for the provision of the website, this is the case if the respective visit is ended. In the instance that data are stored in log files, this is the case after seven days at the latest. Storage above and beyond this period is possible. In this case, the users' IP addresses are deleted or removed so they can no longer be allocated to the visiting client.
The recording of data for the provision of the website and the storage of data in log files is essential to operate the website. As a consequence, users do not have an option to revoke such data recording.
C. Web analysis
- IP address, anonymized by shortening
- Two cookies to differentiate different visitors (pk_id and pk_sess)
- Previously visited URL (referrer), if communicated by the browser
- Name and version of the operating system
- Name, version and language setting of the browser
- URLs visited on this website
- Times at which pages are visited
- Type of HTML queries
- Screen resolution and colour depth
- Formats and techniques supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, RealPlayer, Director, SilverLight, Google Gears)
Data are stored and evaluated exclusively on a central server operated by MPG. Along with the central www.mpg.de website, it is utilized by most Max Planck institutes and many of the project websites allocated to MPG.
The legal basis for the processing of users' personal data is Article 6 (1) lit. f GDPR. Processing of users' personal data enables us to analyze our users' utilization behaviour. The evaluation of the data we obtain enables us to aggregate information about the utilization of our websites' individual components. This helps us constantly improve our websites and their user-friendliness. Our legitimate interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes. The anonymization of the IP address sufficiently takes into consideration users' interest in the protection of their personal data.
The data are deleted after the formation of the conclusive annual sums for access statistics.
It goes without saying that you are able to revoke data gathering. You have the following independent possibilities to revoke data recording by the central server:
1. In your browser, activate the do-not-track or do-not-follow settings. If these settings are active, our central server will not store any data relating to you. Important: The do-not-track instruction generally applies only for the device and browser in which you activate the setting. If you utilize several devices/browsers, you will need to separately activate do-not-track in all relevant locations.
2. Utilize our opt-out function. Click the following selection box https://www.mpg.de/privacy-policy/data-collection-opt-out in order to stop data recording or to reactivate it. If the selection box is deactivated, our central server will not store any data about you. Important: For the opt-out, we have to store a special recognition cookie in your browser. If you delete it or utilize another PC/browser, you will need to revoke data recording again on this page.
These data are not stored together with the user's other personal data.
D. Integration of external services
The integration of external services, such as OpenStreetMap for location descriptions, is always carefully considered with the aim of making your visit to our website as pleasant as possible.
However, we must point out that in this way your IP address and possibly other personal data are transmitted to the respective service provider and may be stored and evaluated.
We use the Google Maps map service. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The integration takes place exclusively via a link to Google. Via this programming interface, data is only transferred to Google when you click on the button "Switch to Google Maps". When using the functions of Google, Google processes your IP address and possibly other personal data (e.g. information on the use of this website or sub-pages or the data specified in Google Maps). Google thereby receives, among other things, information about the fact that you have called up our website or the corresponding subpage. This information is usually transferred to a Google server in the USA and stored there. Your personal data will only be collected and transmitted by Google via our website when you click on the "Continue to Google Maps" button yourself. We ourselves do not transmit any of your data to Google, this only happens when you click on the link. The use of Google Maps is not mandatory for the receipt of information via our website and is therefore voluntary for you. However, the integration of Google Maps into our Internet pages is performed in the interest of an appealing presentation of our Internet offer and in order to ensure that the locations we indicate on our Internet pages can be found quickly and easily. This represents a legitimate interest in the sense of Art. 6 (1) lit. f GDPR.
or from Google Maps at https://www.google.com/intl/de_US/help/terms_maps.html
and from Google Maps at https://www.google.com/intl/de_de/help/terms_maps.html
2. Open StreeMap
OpenStreetMap is provided by the Openstreetmap Foundation:
St John's Innovation Centre
We base the use of the aforementioned tools on Art. 6 (1) lit. f) GDPR: data processing is carried out to improve the user-friendliness of our website and is therefore in our legitimate interest.
E. Utilization of cookies
Our website utilizes cookies. Cookies are text files stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a sequence of characters enabling the browser to be clearly identified when visiting the website again.
We deploy cookies to make our website more user-friendly. Some elements of our website also technically require the identification of the visiting browser after a change of page. The following data are saved and transmitted in the cookies:
- Language settings (localization) of the browser: session cookie i18next
- Session data (click path, pages visited, current language, and, where relevant, error messages for forms: session cookie MPG_session_r
Both cookies are deleted when the session is closed.
The legal basis for personal data processing while utilizing cookies is Article 6 (1) lit. f GDPR. The purpose of utilizing technically necessary cookies is to simplify the utilization of websites for users. Some of our website's functions cannot be offered without the utilization of cookies. For these, it is necessary that the browser can also be re-identified following a change of page. We require cookies for the following applications:
- Transferring the browser's language setting: automatic selection of the homepage and spelling
- Noting of form data entered: terms and entries in the contact form utilized in searches within the website (section F)
User data gathered by technically necessary cookies are not utilized to prepare user profiles. Our justified interest in personal data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.
Cookies are stored on the user's computer, which transmits them to our site. For this reason, you, as the user, also have full control over the utilization of cookies. You can deactivate or restrict the transmission of cookies through changing your Internet browser settings. Cookies that have already been saved can be deleted at any time. This can also occur automatically. If cookies for our website are deactivated, you may find not all of the website's functions can continue to be utilized in full.
In addition, we also utilize cookies on our website to enable users' utilization behaviour to be analyzed. For more information on this topic, please refer to the information provided under C.
F. Personalized Services / Newsletter
In case you have decided to make use of a personalized service, such as registration for newsletter services, the use of contact forms or the placement of content in guest books, we will store the data required for this. Usually these data include your e-mail address, surname and first name and other data depending on the type of service. Your details will only be used to provide the service you requested to your satisfaction and to be able to clarify any additional queries. Should you no longer wish to use a personalized service, your personal data will be deleted after you have logged out, provided that registration is required to use the service. If you wish to cancel a subscribed newsletter/ a personalized service, you can send us an e-mail to email@example.com or call +49 (0) 89-30622-263 to cancel.
For selected services, the administration and storage of your personal data is carried out on systems of Infopark AG, Berlin, within the scope of order data processing.
Legal basis for the processing of data after registration for the newsletter by the user is the user's consent Art. 6 para. 1 lit. a DSGVO. The purpose of the data collection is to provide the newsletter. The data will be deleted as soon as they are no longer required for the purpose of their collection. The user's e-mail address is therefore stored for as long as the subscription to the newsletter is active. The subscription to the newsletter can be cancelled by the user concerned at any time.
G. Data transmission
The management and storage of your personal information occurs in the case of selected services
- Newsletter (section F)
- Contact form (section F)
As part of contract data processing on the systems of Infopark AG, Berlin.
- Integration of external services (Section D)
Your personal data will only be conveyed to state institutions and authorities in legally essential cases or for criminal prosecution based on attacks on our network infrastructure. The data are not transmitted to third parties for other purposes.
I. Rights of individuals affected
As an individual whose personal data are gathered as part of the aforementioned services, you have, in principle, the following rights, to the extent that no legal exceptions are applicable in individual cases:
- Information (Article 12 GDPR)
- Access (Article 15 GDPR)
- Rectification (Article 16 GDPR)
- Erasure (Article 17 (1) GDPR)
- Restriction of processing (Article 18 GDPR)
- Data Portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Withdraw of consent (Article 7 (3) GDPR)
Right to complain to the regulator (Article 77 GDPR). For the MPG, this is the Bavarian Data Protection Authority (BayLDA), Postbox 606, 91511 Ansbach.