The Max-‐Planck-‐Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data collected during visits to our website, observing the currently valid provisions under data protection law as amended. Your data is neither published by us, nor disclosed to third parties on an unauthorised basis. In the following, we will explain which data we record during your visit to our webpages and exactly how we use it.
A. General details
1. Scope of data processing
We only ever collect and use personal data to the extent required in order to provide a functional website which presents our content and services. The collection and utilization of our users’ personal data is carried out regularly based on the users’ consent. An exception applies in instances where processing of the data is permitted by statutory provisions.
2. Legal basis for data processing
If we obtain the consent of the data subject to carry out personal data processing operations, the legal basis is Article 6, para. 1, lit. a EU General Data Protection Regulation (GDPR). When it is necessary to process personal data in order to fulfil a contract whose contractual party is the data subject, the legal basis is Article 6, para. 1, lit. b GDPR. This also applies to processing operations required in order to implement pre-‐contractual measures.
If processing is required in order to safeguard a legitimate interest of the MPG or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject override the first-‐mentioned interest, the legal basis for processing is Article 6, para. 1, lit. f GDPR.
3. Data erasure and duration of storage
The personal data of the data subject is erased or blocked as soon as the purpose of storage no longer applies. Data can also be stored if this is required under European or national legislation in EU directives, laws or other provisions to which the MPG is subject. Data is also blocked or erased if the retention period prescribed by the above-‐mentioned legislation expires, unless the data is required to be stored for longer for the purpose of concluding or performing a contract.
4. Contact details of the controller
The controller as defined by the EU General Data Protection Regulation (GDPR) as well as other data protection laws and provisions under data protection legislation is:
Max-‐Planck-‐Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Phone: +49 (89) 2108-‐0
Contact form: https://www.mpg.de/kontakt/anfragen
5. Contact details of the Data Protection Officer
The controller’s Data Protection Officer is
Phone: +49 (89) 2108-‐1554
B. Provision of the website and creation of logfiles
Every time our website is accessed, our servers and applications automatically log data and information from the accessing computer system.
The following data is collected:
• Your IP address
• Date and time the page is accessed
• Address of the page accessed
• Address of the website visited previously (referrer)
• Name and version of your browser/operating system (if transmitted)
The data is saved in our systems’ logfiles. This data is not saved together with other personal data relating to the user.
The legal basis for the temporary saving of data and logfiles is Article 6, para. 1, lit. f GDPR. Data is saved in logfiles in order to ensure the functional capability of the website. In addition, the data serves to optimize the web pages, eliminate faults and ensure the security of our IT systems. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR.
The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. In the case of the collection of the data for the purpose of providing the website, this applies when the session in question is finished. In the case of saving data in logfiles, this applies after a maximum of seven days. Saving of data beyond this period is possible. In this case, users’ IP addresses are deleted or altered so that they can no longer be attributed to the accessing client.1
Data collection for the purpose of providing the website and the saving of data in logfiles are absolutely necessary in order to operate the website. It is therefore not possible for the user to object.
C. Web analysis
• IP address, anonymized by means of abbreviation
• Two cookies to distinguish between different visitors (pk_id and pk_sess)
• Previously visited URLs (referrers) if transmitted by the browser
• Name and version of the operating system
• Name, version and language setting of the browser
• URLs visited on this website
• Times of page visits
• Type of HTML requests
• Screen resolution and colour depth
• Technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears)
The saving and analysis of data is carried out solely on a central server operated by the MPI.
The legal basis for the processing of personal user data is Article 6, para. 1, lit. f GDPR. By processing personal user data we are able to analyze our users’ utilization behaviour. Analysis of the data collected enables us to compile information on the use of the individual components of our web pages. This helps us improve our websites and their user-‐friendliness on an ongoing basis. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR. Anonymization of the IP address sufficiently meets the users’ interest in the protection of their personal data.
The data is deleted after the final annual totals have been arrived at for access statistics. Of course, you have the opportunity to object to your data being collected. The following independent methods are available to you if you wish to object to data collection by the central server:
1. In your browser, activate the do-not-track or do-not-follow settings. If these settings are active, our central server will not store any data relating to you. Important: The do-not-track instruction generally applies only for the device and browser in which you activate the setting. If you utilize several devices/browsers, you will need to separately activate do-not-track in all relevant locations.
2. Utilize our opt-out function. Click the following selection box https://analytics.mpi.nl/index.php?module=CoreAdminHome&action=optOut in order to stop data recording or to reactivate it. If the selection box is deactivated, our central server will not store any data about you. Important: For the opt-out, we have to store a special recognition cookie in your browser. If you delete it or utilize another PC/browser, you will need to revoke data recording again on this page.
• Language settings (localization) of the browser: Sessioncookie i18next
• Session data (click series, pages accessed, current language and any error messages on forms: Sessioncookie mpg_session_r Both cookies are deleted when the session is closed
• Adoption of the browser language setting: automatic selection of the start page and spell check
• Remembering of form details entered: words used in searches within the website, details entered in the contact form
E. Rights of data subjects
As a data subject whose personal data is collected in connection with the above-‐mentioned services, you have the following fundamental rights unless legal exceptions apply in individual cases:
• Access (Article 15 GDPR)
• Rectification (Article 16 GDPR)
• Erasure (Article 17, para. 1 GDPR)
• Restriction of processing (Article 18 GDPR)
• Data portability (Article 20 GDPR)
• Objection to processing (Article 21 GDPR)
• Withdrawal of consent (Article 7, para. 3 GDPR)