The Max Planck Society for the Advancement of Science (Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V.) (hereinafter MPG) takes the protection of personal data very seriously. The MPG processes personal data collected from visitors to the ip.mpg.de website in accordance with the data protection regulations in force. Your data is neither published nor communicated to third parties without authorisation. The following explains how your data is recorded during your visit to the ip.mpg.de website and exactly how it is used.

A. General information

1. Extent of data processing

As a matter of principle, the MPG only records and uses users’ personal data to the extent necessary for the provision of an operational website and its contents and services. The users’ personal data are as a rule recorded and used after the users have given their consent. One exception is where statutory provisions permit the data to be processed.

2. Legal basis for data processing

Where the MPG obtains the data subject’s consent to the processing of personal data, the legal basis is Article 6(1)(a) of the EU General Data Protection Regulation (hereinafter GDPR). Where the processing of personal data is necessary to perform a contract to which the data subject is a party, the legal basis is Article 6(1)(b) of the GDPR. This also applies to data processing that is necessary to take measures before conclusion of the contract. If the processing is necessary to safeguard the legitimate interests of the MPG or a third party, and if these interests are not overridden by the interests and fundamental rights and freedoms of the data subject, the legal basis is Article 6(1)(f) of the Regulation.

3. Deletion of data and period of storage

The data subject’s personal data are deleted or blocked once the purpose of the storage ceases to apply. The data may also be stored if this is laid down by the European or national legislatures in decrees, statutes or other regulations under European law that apply to the MPG. The data is also blocked or deleted if a storage period laid down by the said regulations expires, unless the data must continue to be stored for the purpose of the conclusion or performance of a contract.

4. Controller’s contact details

Responsibility within the meaning of the GDPR and other national data protection legislation and other data protection provisions lies with the

Max Planck Society for the Advancement of Science (Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V.) (MPG)
Hofgartenstrasse 8
D-80539 Munich
Telephone: +49 (89) 2108-0
Contact form: www.mpg.de/kontakt/anfragen
Internet: www.mpg.de

5. Data protection officer’s contact details

The controller’s data protection officer is

Heidi Schuster
Hofgartenstrasse 8
D-80539 Munich
Telephone: +49 (89) 2108-1554
datenschutz@mpg.de

B. Provision of the website and creation of logfiles

Whenever our website is accessed, our servers and applications record automated data and information from the accessing computer’s system.

The following data are temporarily recorded:

• your IP address
• date and time of your access to the page
• address of the page accessed
• address of the website just visited (referrer)
• name and version of your browser/operating system (if communicated)

The data are stored in our system logfiles. These data are not stored together with the user’s other personal data.

The legal basis for the temporary storage of the data and the logfiles is Article 6(1)(f) of the GDPR. The data are stored in logfiles to ensure the operability of the website. In addition, the data help us to optimise the web pages, to eliminate faults and to ensure the security of our information system technology. These purposes also constitute our legitimate interest in the data processing in accordance with Article 6(1)(f) of the Regulation.

The data are deleted once they are no longer necessary to achieve the purpose for which they were recorded. Where data are recorded in order to make the website available, they are deleted at the end of the session in question. Where the data are stored in logfiles, they are deleted at the latest after seven days. A longer storage is possible, but in this case users’ IP addresses are deleted or distorted so that the accessing client can no longer be identified.

The recording of data for the provision of the website and the storage of data in logfiles is essential for the operation of the website. Hence the user cannot object to this recording.

C. Use of cookies

Our website uses cookies. Cookies are text files that are stored in or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic sequence of characters that allow the browser to be identified when accessing the website again.

We use cookies to make our website more user-friendly. For technical reasons, some elements of our website also require the accessing browser to be identified after a change of page. The following data are stored and communicated in the cookies:

• navigation status: open or closed (navigation)
• presentation of the map (ROUTEID, LB_Geoportal, JSESSIONID, hinweis, LB_Geodaten)

The cookies are deleted after the session is ended.

The legal basis for using cookies to process personal data is Article 6(1)(f) of the GDPR. Some functions of our website cannot be made available without using cookies. They need the browser to be recognised even after a change of page. We need cookies for the following applications:

• navigation status
• recalling data entered in forms: terms used in a search within the site and entries in the contact form (Section F)
• presentation of the selected map options of the map of Geoportal Bayern, provided by State Office for Digitization, Broadband and Surveying (Landesamt für Digitalisierung, Breitband und Vermessung).

The user data recorded by technically necessary cookies are not used to create user profiles. This purpose also constitutes our legitimate interest in processing the personal data according to Article 6(1)(f) of the GDPR.

Cookies are stored on the user’s computer, which transmits them to our site. Hence you as user have full control over the use of cookies. You can change the settings in your Internet browser to deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it is possible that not all functions of the site can be used in full.

In addition, on the ip.mpg.de website, the MPG uses cookies that support the analysis of the user’s usage behaviour. For more details please refer to J. Webtracking.

D. Newsletter

The ip.mpg.de website allows you to subscribe to our free newsletter. When you register, we receive the data entered in the form. As a rule this means your email address and your first and last name. We inform you during the registration process of exactly how this data will be processed, and ask for your consent. In addition, reference is made to this data protection declaration. The data will be used only for the purpose indicated.

The legal basis for the processing of the data after the user has registered for the newsletter is the user’s consent, according to Article 6(1)(a) of the GDPR. The data is recorded in order to enable us to send you the newsletter. The data is deleted once it is no longer necessary to achieve the purpose for which it was collected. Accordingly, the user’s email address is stored as long as the newsletter subscription is active.

You can revoke your consent to the storage of the data and its use for email delivery at any time, e.g. via an unsubscribe link in the message or via the unsubscribe page.

The Institute uses rapidmail to send its mailings by email. Your data will therefore be transmitted to rapidmail GmbH. It is prohibited for rapidmail GmbH to use your data for purposes other than sending the Institute's emails. rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a German, certified newsletter software provider which has been carefully selected in accordance with the requirements of the GDPR and the BDSG.

E. Registration as part of a funding application

The ip.mpg.de website enables users to register with the MPG so that they can apply for funding. This involves entering personal data in an input mask. In this process, data are recorded that are necessary for the award-of-funding process. These are title, given and family name, together with your contact details (address, email address, telephone), the focus of the research work, desired duration of stay, language skills, educational qualifications, other qualifications and training, application documents (CV, certificates, letters of recommendation, project description, photo), date of birth and information about additional income. We will inform you of exactly how these data will be processed during the registration process and ask you for your consent. In addition, reference will be made to this data protection declaration.

The legal basis for the data processing is, if the user has given his or her consent, Article 6(1)(a) of the GDPR. If the registration serves to implement funding where the user is a party involved, or to carry out precontractual measures, an additional legal basis for the data processing is Article 6(1)(b) of the GDPR. In order to provide certain content and services on our website and/or to perform a contract with the user or to carry out precontractual measures, it is necessary for the user to be registered. The data are deleted once they are no longer necessary for the purpose for which they were recorded. Where a registration is made for an application for funding or where precontractual measures are carried out, this is the case once the data are no longer necessary for the application or the implementation of this and subsequent applications. Contractual or statutory obligations may require the contract partner’s personal data to be stored even after the funding has been concluded.

As user, you can cancel the registration at any time. You can request the modification of stored data concerning you at any time, and the procedure to be followed is described in further detail in the specific registration process. If the data are necessary to perform a contract or to carry out precontractual measures, premature deletion of the data is only possible if this is not in conflict with any contractual or statutory obligations.

F. Registration for events

The ip.mpg.de website enables users to register with the MPG for selected events by entering personal details in an input mask. As a rule, the MPG records your email address, family and given names. We will inform you of exactly how these data will be processed during the registration process and ask for your consent. In addition, reference will be made to this data protection declaration.

The legal basis for the data processing is, if the user has given his or her consent, Article 6(1)(a) of the GDPR. The user’s registration is necessary for organisational aspects of a number of events. The data are deleted once they are no longer necessary for the purpose for which they were recorded. For the data recorded during the registration process for an event, this is the case if the registration on our websites is cancelled or modified. For registrations for events, this is the case if the data are no longer necessary for the holding of the event. Statutory obligations may require the participant’s personal data to continue to be stored even after the event has been concluded.

As user, you can cancel the registration at any time. You can request the modification of stored data concerning you at any time. You only need to send an email to the contact person named for the event. If the data is necessary for the holding of an event, premature deletion of the data is only possible if this is not in conflict with any statutory obligations.

F. Online job applications

If you apply for a job with us online, a separate data protection notice applies. This can be found at the respective page of the job application portal.

G. Data communication

Your personal data will only be communicated to State institutions and authorities in the cases required by law and/or for the purpose of prosecuting offences due to attacks on our network infrastructure. Data will not be communicated to third parties for any other purpose.

H. Data subjects’ rights

As a data subject whose personal data are recorded within the framework of the above-mentioned services, you have the following rights as a matter of principle, unless statutory exceptions apply in the specific case:

• access (Article 15 GDPR)
• rectification (Article 16 GDPR)
• erasure (Article 17(1) GDPR)
• restriction of processing (Article 18 GDPR)
• data portability (Article 20 GDPR)
• right to object to processing (Article 21 GDPR)
• revocation of consent (Article 7(3) GDPR)
• right to lodge a complaint with a supervisory authority (Article 77 GDPR).

For the MPG, this is the Bayerische Landesamt für Datenschutzaufsicht, Postfach 1349, 91504 Ansbach. (Bavarian State Office for Data Protection Supervision), PO Box 1349, 91504 Ansbach.

I. Web analysis

In order to collect statistical data about use patterns, we use the Matomo (formerly known as Piwik) web analysis program, which uses cookies and JavaScript to collect and send us various kinds of information on your computer. Whenever our web pages are accessed, our system records the following data and information from the accessing computer system:

• IP address, abbreviated and anonymised
• two cookies to distinguish different visitors (pk_id and pk_sess)
• URL just visited (referrer), if communicated by the browser
• operating system name and version
• Browser’s name, version and language setting

And, if JavaScript is activated:

• URLs visited on this website
• time the page was accessed
• type of HTML access
• monitor resolution and colour depth
• technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears).

The data are only stored and analysed on a central server operated by MPG. In addition to the central www.mpg.de website, it is also used by most Max Planck Institutes and many of the project websites attributable to the MPG.

The legal basis for processing the user’s personal data is Article 6(1)(f) of the GDPR. The processing of the user’s personal data allows us to analyse the use patterns of our users. The analysis of the data acquired allows us to compile information about the use of individual elements of our Internet site. This helps us to improve our site and its user-friendliness. It is this purpose that also constitutes our legitimate interest in processing the data pursuant to Article 6(1) of the GDPR. The anonymisation of the IP addresses takes sufficient account of the users’ interest in the protection of their personal data.

The data are deleted after the final annual totals for the access statistics have been determined.

It goes without saying that you can object to the recording of the data. You may use any of the following independent means to object to the recording of data by the central server:

Activate the Do-Not-Track setting in your browser. As long as this setting is active, our central server will not store any data from you of any kind. Note: The Do-Not-Track instruction applies as a rule only for one device and for the browser in which you have activated the setting. If you use more than one device/browser, you must activate Do-Not-Track separately on each of them.

Use our opt-out function. Check the following selection box to stop or reactivate data recording. As long as this box is not activated, our central server will not store any data from you of any kind. Note: the opt-out requires us to store a special identifying cookie in your browser. If you delete this cookie or use a different PC or browser, you must repeat your objection to the recording of data on this page.