Data protection information
The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data gathered when visiting our websites in compliance with the applicable data protection legislation and, as a matter of principle, only to the extent that this is necessary to provide a functioning website and our content and services. We neither publish your data nor transmit them to third parties on an unauthorized basis.
In the following sections, we explain which data we record when you visit one of our websites, and how exactly they are utilized:
A. Provision of the Website
1. Visiting the website
a. Type of data
Each time you visit our website, our service and applications automatically record data and information from the computer system of the visiting computer.
The following data are gathered temporarily:
- Your IP address
- Date and time of your access to the website
- Address of the page visited
- Address of the previously visited website (referrer)
- Name and version of your browser / operating system (if transmitted)
These data are stored in our systems' log files. There is no storage of these data together with other personal data relating to the users.
b. Legal basis
The legal basis for the temporary saving of data and log files is Article 6 (1) lit. f GDPR. Storage occurs in log files in order to ensure the website's functionality. The data also serve to optimize the websites, eliminate malfunctions and ensure our IT system security. Our justified interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.
The recording of data for the provision of the website and the storage of data in log files are essential to operate the website. It is therefore not possible for the users to object.
c. Data deletion
The data are deleted as soon as they are no longer required in order to fulfil the purpose of their collection. If data are gathered for the provision of the website, this is the case if the respective visit is ended. In the event that data are stored in log files, this is the case after seven days at the latest. Storage above and beyond this period is possible. In this case, the users' IP addresses are deleted or removed so they can no longer be allocated to the visiting client.
2. User-friendly website design
a. Type of data
Our website uses cookies. Cookies are text files which are saved in or by the internet browser in the users’ computer systems. If a user accesses a website, a cookie is saved on the user's operating system. These cookies contain a characteristic string of characters which enables definitive identification of the browser the next time the website is accessed.
We use cookies in order to make our website more user-friendly. It is a technical requirement of certain elements of our website that the accessing browser can also be identified after a page change. In the process, the following data are saved and transmitted in cookies:
- Language settings (localisation) of the browser, functionality of the language switch DE-EN also when changing pages: Sessioncookie i18next
- Session data (click path, pages visited, current language, remembering form data (terms used in the internal site search, entries in the contact form) as well as error messages for forms, if applicable): Sessioncookie mpg_session_r
Cookies are saved on your computer and transmitted by the latter to our website. For this reason, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. This can also happen on an automated basis. If cookies are deactivated for our website, the full range of functions of the website may not be entirely available for use.
b. Legal basis
The legal basis for the processing of personal data by means of cookies is Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 of the German Act an Data Protection and Protection of Privacy in Telecommunications and Digital Services [TDDDG]. Some of the functions of our website cannot be offered without the use of cookies. For these, it is absolutely necessary that the browser is recognized even after a page change.
c. Data deletion
The cookies are deleted after closing the session.
B. Web Analysis
1. Type of data
We use the web analytics programme Matomo for statistical data collection in relation to utilization behaviour; this programme uses cookies and JavaScript to collect various information on your computer and transmit this automatically to us. Each time our website is accessed, our system logs the following data and information from the accessing computer system:
- IP address, anonymized by means of abbreviation
- Two cookies to distinguish between different visitors: pk_id and pk_sess
- Previously visited URL (referrer) if communicated by the browser
- Name and version of the operating system
- Name, version and language setting of the browser.
The following data are collected additionally if JavaScript is activated:
- URLs visited on this website
- Times of page visits
- Type of HTML requests
- Screen resolution and colour depth
- Technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears).
The saving and analysis of data is carried out solely on a central server operated by the MPG. In addition to the central website www.mpg.de, it is also used by most Max Planck Institutes and many MPG project websites.
It goes without saying that you have the opportunity to object to your data being collected. The following independent methods are available to you if you wish to object to data collection by the central server:
- In your browser, activate the Do-Not-Track setting. As long as this setting is active, our central server will not save any of your data. Important: Do-Not-Track generally only applies to the one device and browser on which the setting is activated. If you use several devices/browsers, you must activate Do-Not-Track separately on each one.
- Use our opt-out function. Click on the check mark in the following selection box under https://www.mpg.de/datenschutzhinweis/datenerhebung-deaktivieren in order to stop or reactivate data collection. As long as the selection box is deactivated, our central server will not save any of your data. Important: For the opt-out, we have to store a special recognition cookie in your browser. If you delete this or use a different PC/browser, you have to object to data collection once again on this page.
There is no storage of these data together with other personal data relating to the user.
2. Legal basis
The legal basis for the processing of personal data by means of cookies is Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 TDDDG. The processing of the users' personal data enables us to analyze the usage behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our websites. This helps us improve our websites and their user-friendliness on an ongoing basis. These purposes also constitute our legitimate interest in data processing according to Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 TDDDG. By anonymizing the IP address, the users' interest in the protection of their personal data is sufficiently taken into account.
3. Data deletion
The data are deleted after the final annual totals have been arrived at for access statistics.
C. Newsletter
1. Type of data
Our website offers users the opportunity to sign up for a free newsletter. When users sign up for the newsletter, the data from the input screen are transmitted to us. This generally consists of your email address, last name and first name. We inform you about the concrete processing of your data in the course of the sign-up process and obtain your consent accordingly. There is also a reference to this Data Privacy Statement. The data are solely used for sending out the newsletter.
We use tracking to adapt contents to the interests of the users and to measure our information activity.. When registering, each user can activate tracking themselves (activated by default). Subsequently, each user can independently activate/deactivate tracking at any time in the profile editing.
The following data are collected as part of tracking:
- Successful delivery of the newsletter
- Opening of the newsletter yes/no via tracking pixels (mini graphic in the newsletter)
- Type of browser, type of operating system
- Mobile terminal or normal terminal
- User Agent (e-mail client used)
- IP address
- Date and time of the opening of the newsletter
- Links clicked in the newsletter
2. Legal basis
The legal basis for processing the data after a user signs up for the newsletter is the user's consent according to Art. 6 (1) lit. a GDPR. The purpose of collecting data is to deliver the newsletter.
The legal basis for voluntary tracking is Art. 6 (1) lit. a GDPR as well as § 25, para.1 TTDSG.
3. Data deletion
The user's email address is therefore only saved for as long as the newsletter subscription is active. The newsletter subscription can be cancelled by the user in question at any time.
Link to unsubscribe from the newsletter
If a user consents to the tracking, these data will be stored as long as the subscription to the newsletter is active or the user revokes their consent to tracking via their personal profile.
D. Push News
1. Type of data
On our website, it is possible to activate push news for the browser. For this purpose, the login time and a push token or device ID are stored. On the one hand, these data serve to be able to send you the push news and, on the other hand, as proof of your registration. As part of the activation process, we obtain your consent and refer you to this Data Privacy Statement. The data are solely used for sending out the push news. Tracking or the collection of statistics is not performed.
The subscription can be activated via the bell symbol next to the search field by placing a check mark in the selection field. For this to function, receiving notifications must be activated in the browser. The notifications are limited to the browser used when activating the push news; for use in further browsers, the push news must be activated separately. Notifications are only delivered when the browser is open.
2. Legal basis
The legal basis for processing the data after a user signs up for push news is the user's consent according to Art. 6 (1) lit. a GDPR. The purpose of data collection is to be able to send out the push news.
3. Data deletion
The user's token is therefore only saved for as long as the subscription to the push news is active. The subscription to the push news can be cancelled by the user in question at any time.
In the same way as activation, deactivation is carried out via the bell. Removing the check mark from the selection box deactivates the subscription.
E. Contact Form
1. Type of data
On our website, there is a contact form which can be used to make contact electronically. If you make use of this option, the details entered in the input screen are transmitted to us and saved. This generally consists of your email address, last name and first name. We inform you about the concrete processing of your data in the course of the operation and obtain your consent accordingly. There is also a reference to this Data Privacy Statement. The data are used solely for processing the dialogue.
2. Legal basis
The legal basis for processing data in connection with the use of the contact form is your consent according to Art. 6 (1) lit a GDPR. Processing of personal data from the input screen serves the sole purpose of processing the contact request. You have the option to withdraw your consent to the processing of personal data at any time vis-à-vis the listed contact persons.
3. Data deletion
The data are deleted as soon as they are no longer required in order to fulfil the purpose of their collection. This is the case when the relevant dialogue with the user is finished or the processing of the user's request has been finalized. The dialogue is finished when circumstances indicate that the matter in question has been conclusively clarified.
F. Registration for Subscription Management
1. Type of data
On our websites, we offer you the opportunity to register for the subscription management of our scientific magazine MaxPlanckResearch by entering personal data via an input screen. As a rule, we ask for your email address, last name and first name. We inform you about the concrete processing of your data in the course of the registration operation and obtain your consent accordingly. There is also a reference to this Data Privacy Statement.
2. Legal basis
The legal basis for processing data is the existence of the user's consent according to Art. 6 (1) lit. a GDPR. If registration serves to fulfil a contract of which you are a contractual party or to implement pre-contractual measures, the additional legal basis for data processing is Art. 6 (1) lit. b GDPR.
3. Data deletion
The data are deleted as soon as they are no longer required in order to fulfil the purpose of their collection. This applies to the data collected during the registration operation if registration on our websites is withdrawn or altered. It applies to the registration operation to fulfil a contract or to implement pre-contractual measures if the data are no longer required in order to implement the contract. It may also be necessary to save the contractual partner's personal data after conclusion of the contract in order to meet contractual or statutory requirements.
You can withdraw registration at any time. You can have the data relating to you altered at any time; the procedure is described in detail during the actual registration operation. If the data are required to fulfil a contract or implement pre-contractual measures, premature deletion of the data is only possible if this is not prevented by contractual or statutory obligations.
G. Measures for the Secure Use of Forms
1. Prevention of the misuse of forms
a. Type of data
To prevent the misuse of forms, the function "Friendly Captcha" is used. Friendly Captcha serves to exclude mass machine use of the following forms:
- Newsletter sign-up
- Contact form
- Registration for subscription management
When a form containing the Friendly Captcha widget is called up, a puzzle request is automatically sent from the user's device. Friendly Captcha collects the following log data:
- the request header User Agent, Origin, and Referrer
- the puzzle itself, which contains information about the account and website key of the form provider it is connected to
- the widget version
- a timestamp
Friendly Captcha stores an anonymized counter for each IP address for dynamic scaling of puzzle difficulty on the edge network to detect malicious users and minimize the blocking of legitimate users. This data is stored separately from the rest of the data and cannot be linked to specific websites or other things. We anonymize IP addresses with a one-way hash of certain values so that they cannot be personally identified. When using Friendly Captcha, no other information or personal data, such as your name, email address, or online profiles, is requested.
b. Legal basis
The legal basis for the data processing is Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 TDDDG. The token is used to ensure the security of communication through forms and prevent misuse. These purposes also constitute our legitimate interest in data processing according to Art. 6 (1) lit. f GDPR. The use is essential for the operation of the mentioned forms. Consequently, there is no possibility of objection on the part of the users.
c.Data deletion
The data collected when using Friendly Captcha is anonymized.
2. Securing communication through forms
- Type of Data
To protect the integrity of the data entered into a form while the form is being transmitted, a digital token is retrieved from the MPG servers and transmitted back when the completed form is submitted. The token csrf_token is used to secure the communication through the following forms:
- Newsletter sign-up
- Contact form
- Registration for subscription management
b. Legal basis
The legal basis for the data processing is Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 TTDSG. The token is used to ensure the security of communication through forms and prevent misuse. These purposes also constitute our legitimate interest in data processing according to Art. 6 (1) lit. f GDPR. The use of the token is absolutely necessary in order to operate the mentioned forms. Consequently, there is no possibility of objection on the part of the users.
c. Data deletion
The MPG does not store any data when using the token.
H. Data Transmission
The management and storage of your personal details is carried out by selected services
- Newsletter (Section E)
- Contact form (Section F)
- Registration for subscription management “abo.mpg.de” (Section G)
within the scope of commissioned data processing on systems of our service providers.
Your personal data are only transmitted to public institutions and authorities if legally required or for the purpose of criminal prosecution due to attacks on our network infrastructure. The data are not shared with third parties for any other purposes.
I. YouTube
On some pages, our website uses external links to videos on the YouTube platform that are not directly embedded in the pages. The external links are provided with a preview image generated via an API service provided by YouTube.
All YouTube content displayed on www.mpg.de is subject to YouTube's terms of use. By accessing this content, users of www.mpg.de accept these terms of use.
YouTube's terms of use can be viewed at the following link:
https://www.youtube.com/t/terms
The data protection declaration (Google PrivacyPolicy) can be accessed at the following link:
https://policies.google.com/privacy?hl=en
J. General Details
1. Contact details of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection acts as well as other data protection legislation is the
Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Hofgartenstrasse 8
D-80539 Munich
Germany
Telephone: +49 (89) 2108-0
Contact form: https://www.mpg.de/kontakt/anfragen
Internet: https://www.mpg.de
2. Data Protection Officer's contact details
The controller’s data protection officer is
Data Protection Officer of the MPG
Hofgartenstrasse 8
D-80539 Munich
Germany
Telephone: +49 (89) 2108-1554
datenschutz@mpg.de
K. Rights of the Data Subjects
As a data subject whose personal data are collected in the context of the above-mentioned services, you generally have the following rights unless legal exceptions apply in individual cases:
- Information (Article 15 GDPR)
- Correction (Article 16 GDPR)
- Deletion (Article 17 (1) GDPR)
- Restriction of processing (Article 18 GDPR)
- Data transmission (Article 20 GDPR)
- Revocation of processing (Article 21 GDPR)
- Revocation of consent (Article 7 (3) GDPR)
- Right to complain to the regulator (Article 77 GDPR). For the MPG, this is the Bayerische Landesamt für Datenschutzaufsicht [Bavarian Data Protection Authority], Postfach 1349, 91504 Ansbach, Germany.