Privacy Policy / Data Protection

The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data collected during visits to our website, observing the currently valid provisions under data protection law as amended. Your data is neither publish by us, nor disclosed to third parties unauthorized.

In the following, we will explain which data we record during your visit to our webpages and exactly how we use it.
 

A. General details

1. Scope of data processing

We only ever collect and use personal data to the extent required to provide a functional website as well as our content and services. The collection and utilization of our users' personal data is carried out regularly with the users' consent. An exception applies in instances where processing of the data is permitted by statutory provisions.
 

2. Legal basis for data processing

If we obtain the consent of the data subject to carry out personal data processing, the legal basis is Article 6, para. 1, lit. a EU General Data Protection Regulation (GDPR).

When it is necessary to process personal data in order to fulfil a contract whose contractual party the data subject is, the legal basis is Article 6, para. 1, lit. b GDPR. This also applies to processing operations required in order to implement pre-contractual measures.

If processing is required in order to safeguard a legitimate interest of the MPG or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not override the first-mentioned interest, the legal basis for processing is Article 6, para. 1, lit. f GDPR.
 

3. Data erasure and duration of storage

The personal data of the data subject is erased or blocked as soon as the purpose of storage no longer applies. Data can also be stored if this is required under European or national legislation in EU directives, laws or other provisions to which the MPG is subject. Data is also blocked or erased if the retention period prescribed by the above-mentioned legislation expires, unless the data is required to be stored for longer for the purpose of concluding or performing a contract.
 

4. Contact details of the controller

The controller as defined by the EU General Data Protection Regulation (GDPR) as well as other data protection laws and provisions under data protection legislation is:

Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Hofgartenstrasse 8
D-80539 Munich

Phone: +49 (89) 2108-0
Contact form: https://www.mpg.de/contact/requests
Internet: https://www.mpg.de
 

5. Contact details of the Data Protection Officer

The controller's Data Protection Officer is

Heidi Schuster
Hofgartenstrasse 8
D-80539 Munich

Phone: +49 (89) 2108-1554
E-mail: datenschutz@mpg.de

 

B. Provision of online services on our website

After a user has logged in to our website with his/her username and password, the server automatically saves the timestamp as the last login.

We provide online services to logged-in users. With these online services, users can, for example, change their profile data or in the role of an IT contact person manage data of the departmetn ,such as devices, user accounts, archives, etc. If you entries, changes or deletions are made, the following information is automatically storen on our server:

  • Username
  • Used online service
  • Action of the user
  • Information entered in the form of the online service
  • Result or error message
  • Date and timestamp

This data is saved in the database of our system. This data is not stored together with other personal data relating to the user.

The legal basis for the temporary saving of data is Article 6, para. 1, lit. f GDPR. The data is saved in the database in order to ensure the functional capability of the website. In addition, the data serves to optimize the website, eliminate faults, and to ensure the security of our IT systems. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR.

The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. In the case of the collection of the data for the purpose of providing the website, this applies when the session in question is finished. In the case of saving data in the database, this applies after a maximum of six months. Saving of data beyond this period is possible to support the further development of the website.

Data collection for the purpose of providing the website and the saving of data in the database is absolutely necessary in order to operate the website. It is therefore not possible for the user to object.

 

C. Web analysis

We use the web analysis programme Matomo (formerly Piwik) for statistical data collection in relation to utilization behaviour; this programme uses cookies and JavaScript to collect various information on your computer and transmit this automatically to us. Every time our website is accessed, our system logs the following data and information from the accessing computer system:

  • IP address, anonymized by means of abbreviation
  • Two cookies to distinguish between different visitors (pk_id and pk_sess)
  • Previously visited URL (referrers), if transmitted by the browser
  • Name and version of the operating system
  • Name, version and language setting of the browser

The following data is collected if JavaScript is activated:

  • URLs visited on this website
  • Times of page visits
  • Type of HTML requests
  • Screen resolution and colour depth
  • Technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, RealPlayer, Director, SilverLight, Google Gears)
  • Search queries

The saving and analysis of these anonymized data is carried out on a server operated by the Computing Center of the Max Planck Institute of Biochemistry. 

The legal basis for the processing of personal user data is Article 6, para. 1, lit. f GDPR. By processing personal user data we are able to analyze our users' utilization behaviour. Analysis of the data collected enables us to compile information on the use of the individual components of our web pages. This helps us improve our website and its user-friendliness on an ongoing basis. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR. Anonymization of the IP address sufficiently meets the users' interest in the protection of their personal data.

The data is deleted after the final annual totals have been arrived at for access statistics.

Of course, you have the opportunity to object to your data being collected. You have the following options to do so:

  1. In your browser, activate the Do-Not-Track setting. If this setting is active, our server does not save any of your data. Important: The Do-Not-Track generally only applies to the one device and browser on which the setting is activated. If you use several devices/browsers, you must activate Do-Not-Track separately on each one.
  2. Use our Matomo opt-out function. Click on the check mark in the following selection box, in order to stop or reactivate data collection. If the selection box is deactivated, our server does not save any of your data. Important: We have to save a special recognition cookie in your browser for the opt-out function. If you delete this or use a different PC/browser, you have to object to data collection once again on this page.

This data is not saved together with other personal data relating to the user.

 

D. Use of cookies

Our website uses cookies. Cookies are text files that are saved in or by the internet browser in the user's computer system. If a user accesses a website, a cookie can be saved on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

We use cookies in order to make our website more user-friendly. It is a technical requirement of certain elements of our website that the accessing browser can be identified after a page change. In the cookies (COMPANY_ID, ID, GUEST_LANGUAGE_ID, JSESSIONID, LFR_SESSION_STATE, USER_UUID), only session data is stored and transmitted.

The legal basis for the processing of personal data by means of cookies is Article 6, para. 1, lit. f GDPR and § 25 para. 2 no. 2 TTDSG. Some of the functions of our website cannot be offered without the use of cookies. For these to work, the browser absolutely has to be recognized after a page change. 

The user data collected by technically required cookies is not used to create user profiles. 

Cookies are saved on the user's computer and transmitted from it to our website. For this reason, you as the user have full control over the use of cookies. By changing the settings in your internet browser, you can disable or limit the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also happen on an automated basis. If cookies are deactivated for our website, the full range of functions of the website may not be entirely available for use.

On our website we also use cookies that enable analysis of utilization behaviour. For details, please read the information under C Web analysis.

 

E. Data usage

The management and storage of your personal data is carried out for selected services

  • Information entered in the forms of our provided online services
  • Use of contact information provided on the account form in the address book of this website.
    Contact information that can be accessed from the address book of this website is available to all logged-in users regardless of their location and to all non-logged-in users within the local networks of the Max Planck Institute of Biochemistry and Neurobiology. For more information, please read our terms of use.

Your personal data is only transmitted to public institutions and authorities if legally required or for the purpose of criminal prosecution due to attacks on our network infrastructure. The data is not shared with third parties for any other purposes.

 

F. Rights of data subjects

As a data subject whose personal data is collected in connection with the above-mentioned services, you have the following fundamental rights unless legal exceptions apply in individual cases:

  • Access (Article 15 GDPR)
  • Rectification (Article 16 GDPR)
  • Erasure (Article 17, para.1 GDPR)
  • Restriction of processing (Article 18 GDPR)
  • Data portability (Article 20 GDPR)
  • Objection to processing (Article 21 GDPR)
  • Withdrawal of consent (Article 7, para. 3 GDPR)
  • Right to lodge a complaint with supervisory authority (Article 77 GDPR). For the MPG, this is BayLDA (Bavarian Data Protection Authority), Postfach 1349, 91504 Ansbach.