Data Protection Information
The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data collected during visits to our website, observing the currently valid provisions under data protection law as amended. Your data is neither published by us, nor disclosed to third parties unauthorised. In the following, we will explain which data we record during your visit to our webpages and exactly how we use it.
A. General details
1. Scope of data processing
We only ever collect and use personal data to the extent required to provide a functional website as well as our content and services. The collection and utilization of our users' personal data is carried out regularly with the users' consent. An exception applies in instances where processing of the data is permitted by statutory provisions.
2. Legal basis for data processing
If we obtain the consent of the data subject to carry out personal data processing, the legal basis is Article 6, para. 1, lit. a EU General Data Protection Regulation (GDPR).
When it is necessary to process personal data in order to fulfil a contract whose contractual party the data subject is, the legal basis is Article 6, para. 1, lit. b GDPR. This also applies to processing operations required in order to implement pre-contractual measures.
If processing is required in order to safeguard a legitimate interest of the MPG or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject override the first-mentioned interest, the legal basis for processing is Article 6, para. 1, lit. f GDPR.
3. Data erasure and duration of storage
The personal data of the data subject is erased or blocked as soon as the purpose of storage no longer applies. Data can also be stored if this is required under European or national legislation in EU directives, laws or other provisions to which the MPG is subject. Data is also blocked or erased if the retention period prescribed by the above-mentioned legislation expires, unless the data is required to be stored for longer for the purpose of concluding or performing a contract.
4. Contact details of the controller
The controller as defined by the EU General Data Protection Regulation (GDPR) as well as other data protection laws and provisions under data protection legislation is:
5. Contact details of the Data Protection Officer
The controller's Data Protection Officer is
Phone: +49 (89) 2108-1554
B. Provision of the website and creation of logfiles
Every time our website is accessed, our servers and applications automatically log data and information from the accessing computer system.
The following data is collected:
• Your IP address
• Date and time the page is accessed
• Address of the page accessed
• Address of the website visited previously (referrer)
• Name and version of your browser/operating system (if transmitted)
The data is saved in our systems' logfiles. This data is not stored together with other personal data relating to the user.
The legal basis for the temporary saving of data and logfiles is Article 6, para. 1, lit. f GDPR. Data is saved in logfiles in order to ensure the functional capability of the website. In addition, the data serves to optimize the websites, eliminate faults and ensure the security of our IT systems. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR.
The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. In the case of the collection of the data for the purpose of providing the website, this applies when the session in question is finished. In the case of saving data in logfiles, this applies after a maximum of seven days. Saving of data beyond this period is possible. In this case, users' IP addresses are deleted or altered so that they can no longer be attributed to the accessing client.
Data collection for the purpose of providing the website and the saving of data in logfiles are absolutely necessary in order to operate the website. It is therefore not possible for the user to object.
C. Web analysis
• IP address, anonymized by means of abbreviation
• Two cookies to distinguish between different visitors (pk_id and pk_sess)
• Previously visited URLs (referrers) if transmitted by the browser
• Name and version of the operating system
• Name, version and language setting of the browser
• URLs visited on this website
• Times of page visits
• Type of HTML requests
• Screen resolution and colour depth
• Technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears)
The saving and analysis of data is carried out on a central server operated by the MPG. In addition to the central website www.mpg.de, it is also used by most Max Planck Institutes and many MPG project websites.
The legal basis for the processing of personal user data is Article 6, para. 1, lit. f GDPR. By processing personal user data we are able to analyse our users' utilization behaviour. Analysis of the data collected enables us to compile information on the use of the individual components of our web pages. This helps us improve our websites and their user-friendliness on an ongoing basis. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR. Anonymization of the IP address sufficiently meets the users' interest in the protection of their personal data.
The data is deleted after the final annual totals have been arrived at for access statistics.
Of course, you have the opportunity to object to your data being collected. The following independent methods are available to you if you wish to object to data collection by the central server:
1. In your browser, activate the Do-Not-Track setting. If this setting is active, our central server does not save any of your data. Important: Do-Not-Track generally only applies to the one device and browser on which the setting is activated. If you use several devices/browsers, you must activate Do-Not-Track separately on each one.
2. Use our opt-out function. Click on the check mark in the following selection box under https://www.mpg.de/datenschutzhinweis/datenerhebung-deaktivieren, in order to stop or re-activate data collection. If the selection box is deactivated, our central server does not save any of your data. Important: We have to save a special recognition cookie in your browser for the opt-out function. If you delete this or use a different PC/browser, you have to object to data collection once again on this page.
This data is not saved together with other personal data relating to the user.
• Language settings (localization) of the browser: Sessioncookie i18next
• Session data (click series, pages accessed, current language and any error messages on forms: Sessioncookie mpg_session_r
Both cookies are deleted when the session is closed.
• Adoption of the browser language setting: automatic selection of the start page and spell check
• Remembering of form details entered: words used in searches within the website
The user data collected by technically required cookies is not used to create user profiles.
On our web pages we offer users the opportunity to register by entering personal data via an input screen. Generally speaking we ask for your e-mail address, last name and first name. We inform you about the concrete processing of your data in the course of the registration operation and obtain your consent accordingly. There is also a reference to this Data Protection Information.
The legal basis for processing data is the existence of the user's consent according to Article 6, para. 1, lit. a GDPR. If registration serves to fulfil a contract of which the user is a contractual party or to implement pre-contractual measures, the additional legal basis for data processing is Article 6, para. 1, lit. b GDPR. It is necessary to register the user in order to be able to provide certain content and services on our website, fulfil a contract with the user or implement pre-contractual measures. The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. This applies to the data collected during the registration operation if registration on our websites is withdrawn or altered. It applies to the registration operation to fulfil a contract or to implement pre-contractual measures if the data is no longer required in order to implement the contract. It may also be necessary to save the contractual partner's personal data after conclusion of the contract in order to meet contractual or statutory requirements.
As a user, you can withdraw registration at any time. You can have the data relating to you altered at any time; the procedure is described in detail during the actual registration operation. If the data is required to fulfil a contract or implement pre-contractual measures, premature deletion of the data is only possible if this is not prevented by contractual or statutory obligations.
F. Data transmission
The management and storage of your personal details is carried out by selected services.
In connection with contract processing on the systems of Infopark AG, Berlin.
Your personal data is only transmitted to public institutions and authorities if legally required or for the purpose of criminal prosecution due to attacks on our network infrastructure. The data is not shared with third parties for any other purposes.
G. Rights of data subjects
As a data subject whose personal data is collected in connection with the above-mentioned services, you have the following fundamental rights unless legal exceptions apply in individual cases:
• Access (Article 15 GDPR)
• Rectification (Article 16 GDPR)
• Erasure (Article 17, para. 1 GDPR)
• Restriction of processing (Article 18 GDPR)
• Data portability (Article 20 GDPR)
• Objection to processing (Article 21 GDPR)
• Withdrawal of consent (Article 7, para. 3 GDPR)
• Right to lodge a complaint with a supervisory authority (Article 77 GDPR). For the MPG, this is BayLDA (Bavarian Data Protection Authority), Postfach 1349, 91504 Ansbach.