Data protection information

April 25, 2023

The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data gathered when visiting our websites in compliance with applicable data protection legislation. We neither publish your data nor transmit them to third parties on an unauthorized basis. In the following section, we explain which data we record when you visit one of our websites, and exactly how they are utilized:

A.           Provision of the website

1. Calling the website

a.           Type of data

Each time our website is called up, our servers and applications automatically collect data and information from the system of the calling device.

The following data is temporarily collected:

- Your IP address

- Date and time of your access to the page

- Address of the page accessed

- Address of the previously visited website (referrer)

- Name and version of your browser/operating system (if transmitted)

The data is stored in the log files of our systems. This data is not stored together with other personal data of the users.

b.           Legal basis

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO. The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the websites, for troubleshooting and to ensure the security of our information technology systems. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO.

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility for users to object.

c.           Deletion of data

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling device is no longer possible.

2. User-friendly design of the website

a.           Type of data

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's system. When a user visits a website, a cookie is stored on the user's device. The cookies contain a characteristic string that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website technically require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies:

- Language settings (localization) of the browser, even when switching pages (functionality of the language switch): Sessioncookie i18next

- Session data (click path, pages viewed, current language, form data remembered (terms used in internal site search, entries in contact form) as well as any error messages for forms): Sessioncookie mpg_session_r

Cookies are stored on your device and transmitted from it to our site. Therefore, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

b.           Legal basis

The legal basis for the processing of personal data using Coo-kies is Art. 6 para. 1 lit. f DSGVO and § 25 para. 2 No. 2 TTDSG. Some functions of our website cannot be offered without the use of cookies. For these, it is absolutely necessary that the browser is recognized even after a page change.

c.           Deletion of data

The cookies are deleted after the session is closed.

B. Web analysis

1. Type of data

We use the web analytics program Matomo for statistical data collection of user behavior, which uses cookies and JavaScript to collect various information on your computer and automatically transmits it to us. Each time you call up our web pages, our system collects the following data and information from the computer system of the calling device:

- IP address, anonymized by shortening

- Two cookies to distinguish different visitors: pk_id and pk_sess

- Previously visited URL (referrer), if transmitted by the browser

- Name and version of the operating system

- Name, version and language setting of the browser.

Additionally, if JavaScript is enabled:

- Visited URLs on this website

- Time of page views

- Type of HTML requests

- Screen resolution and color depth

- Techniques and formats supported by the browser (e.g. Cookies, Java, Flash, PDF, WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears).

The data is stored and evaluated exclusively on a central server operated by MPG. 

Of course, you have the possibility to object to the data collection. You have the following independent options to object to data collection by the central server:

1. activate the Do-Not-Track or Do Not Follow setting in your browser. As long as this setting is active, our central server will not store any of your data. Important: The Do-Not-Track instruction usually only applies to the one device and browser in which you activate the setting. If you use multiple devices / browsers, you must activate Do-Not-Track separately for each.

2. use our opt-out function. Click the checkbox in the following selection box at https://www.mpg.de/datenschutzhinweis/datenerhebung-deaktivieren to stop or re-enable data collection. As long as the checkbox is unchecked, our central server will not store any data from you. Important: For the opt-out, we need to store a special detection cookie in your browser. If you delete this or use a different PC/browser, then you must again object to the data collection on die-ser page.

This data is not stored together with other personal data of the user.

2. Legal basis

The legal basis for the processing of the users' personal data is Art. 6 Para. 1 lit. f DSGVO as well as § 25 Para. 2 No. 2 TTDSG. The processing of the users' personal data enables us to analyze the usage behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our websites. This helps us to continuously improve our websites and their user-friendliness. These purposes are also our legitimate interest in processing the data according to Art. 6 para. 1 lit. f DSGVO as well as § 25 para. 2 No. 2 TTDSG. By anonymizing the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.

3. Deletion of the data

The data will be deleted after the formation of the final annual totals for the access statistics.

C.           Contact form

1. Type of data

Our website contains a contact form that can be used to contact us electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored. These are usually your e-mail address, surname and first name. We will inform you about the specific processing of the data during the usage process and obtain your consent. In addition, reference is made to this data protection declaration. The data is used exclusively for the processing of the conversation.

2. Legal basis

The legal basis for the processing of data when using the contact form is your consent in accordance with Art. 6 para. 1 lit. a DSGVO. The processing of personal data from the input mask serves us solely to process the contact. You have the option at any time to revoke your consent to the processing of personal data to the listed contact persons.

3. Deletion of data

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case when the respective conversation with the user has ended or the request of the user has been conclusively processed. The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified.

D.          Registration for subscription management

1. Type of data

On our websites, we offer you the possibility to register for the subscription management of our scientific magazine MaxPlanckForschung by providing personal data via an input mask. As a rule, we collect your e-mail address, name and first name. We will inform you about the specific processing of the data during the registration process and obtain your consent. In addition, we refer to this privacy policy.

2. Legal basis

The legal basis for the processing of data is Article 6 (1) a DSGVO if the user has given his/her consent. If the registration serves the fulfillment of a contract to which you are a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.

3. Deletion of data

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the data collected during the registration process when the registration on our websites is cancelled or modified. For the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures, this is the case when the data is no longer necessary for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.

You have the option to cancel the registration at any time. You can have the data stored about you changed at any time; the procedure is described in more detail in the specific registration process. If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

E.          Measures for the Secure Use of Forms

1. Prevention of the misuse of forms

a. Type of data

To prevent the misuse of forms, the function "Friendly Captcha" is used. Friendly Captcha serves to exclude mass machine use of the following forms:

  • Registration for subscription management

When a form containing the Friendly Captcha widget is called up, a puzzle request is automatically sent from the user's device. Friendly Captcha collects the following log data:

  •  the request header User Agent, Origin, and Referrer
  • the puzzle itself, which contains information about the account and website key of the form provider it is connected to
  •  the widget version
  • a timestamp

Friendly Captcha stores an anonymized counter for each IP address for dynamic scaling of puzzle difficulty on the edge network to detect malicious users and minimize the blocking of legitimate users.  This data is stored separately from the rest of the data and cannot be linked to specific websites or other things. We anonymize IP addresses with a one-way hash of certain values so that they cannot be personally identified. When using Friendly Captcha, no other information or personal data, such as your name, email address, or online profiles, is requested.

b. Legal basis

The legal basis for the data processing is Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 TTDSG. The token is used to ensure the security of communication through forms and prevent misuse. These purposes also constitute our legitimate interest in data processing according to Art. 6 (1) lit. f GDPR. The use is essential for the operation of the mentioned forms. Consequently, there is no possibility of objection on the part of the users.

c.Data deletion

The data collected when using Friendly Captcha is anonymized.

2. Securing communication through forms

a. Type of Data

To protect the integrity of the data entered into a form while the form is being transmitted, a digital token is retrieved from the MPG servers and transmitted back when the completed form is submitted. The token csrf_token is used to secure the communication through the following forms:

  • Registration for subscription management

b. Legal basis

The legal basis for the data processing is Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 TTDSG. The token is used to ensure the security of communication through forms and prevent misuse. These purposes also constitute our legitimate interest in data processing according to Art. 6 (1) lit. f GDPR. The use of the token is absolutely necessary in order to operate the mentioned forms. Consequently, there is no possibility of objection on the part of the users.

c. Data deletion

The MPG does not store any data when using the token.

F. Data Transmission

The management and storage of your personal details is carried out by selected services

  • Registration for subscription management “abo.mpg.de” (Section D)

within the scope of commissioned data processing on systems of our service providers.

Your personal data are only transmitted to public institutions and authorities if legally required or for the purpose of criminal prosecution due to attacks on our network infrastructure. The data are not shared with third parties for any other purposes.

G.          General information

1. Contact details of the responsible persons

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws as well as other data protection regulations is the

Max Planck Society for the Advancement of Science (MPG)

Hofgartenstrasse 8

D-80539 Munich

Telephone: +49 (89) 2108-0

Contact form: https://www.mpg.de/kontakt/anfragen

Internet: https://www.mpg.de

2. Contact details of the data protection officer

The data protection officer of the responsible parties can be reached as follows:

Data Protection Officer of MPG

Hofgartenstrasse 8

D-80539 Munich

Telephone: +49 (89) 2108-1554

datenschutz@mpg.de

H.          Rights of the data subjects

As a data subject whose personal data is collected as part of the above services, you generally have the following rights, unless legal exceptions apply in individual cases:

- Information (Art. 15 DS-GVO)

- Correction (Art. 16 DS-GVO)

- Deletion (Art. 17 (1) DS-GVO)

- Restriction of processing (Art. 18 DS-GVO)

- Data portability (Art. 20 DS-GVO)

- Objection to processing (Art. 21 DS-GVO)

- Withdrawal of consent (Art. 7 (3) DS-GVO)

- Right of appeal to the supervisory authority (Art. 77 DS-GVO). For MPG, this is the Bavarian State Office for Data Protection Supervision, Postfach 1349, 91504 Ansbach.

 

Go to Editor View