Data Protection Information

The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data collected during visits to our website, observing the currently valid provisions under data protection law as amended. Your data is neither published by us, nor disclosed to third parties unauthorised. In the following, we will explain which data we record during your visit to our webpages and exactly how we use it.

A. General details

1. Scope of data processing

We only ever collect and use personal data to the extent required to provide a functional website as well as our content and services. The collection and utilization of our users' personal data is carried out regularly with the users' consent. An exception applies in instances where processing of the data is permitted by statutory provisions.

2. Legal basis for data processing

If we obtain the consent of the data subject to carry out personal data processing, the legal basis is Article 6, para. 1, lit. a EU General Data Protection Regulation (GDPR). When it is necessary to process personal data in order to fulfil a contract whose contractual party the data subject is, the legal basis is Article 6, para. 1, lit. b GDPR. This also applies to processing operations required in order to implement pre-contractual measures. If processing is required in order to safeguard a legitimate interest of the MPG or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject override the first-mentioned interest, the legal basis for processing is Article 6, para. 1, lit. f GDPR.

3. Data erasure and duration of storage

The personal data of the data subject is erased or blocked as soon as the purpose of storage no longer applies. Data can also be stored if this is required under European or national legislation in EU directives, laws or other provisions to which the MPG is subject. Data is also blocked or erased if the retention period prescribed by the above-mentioned legislation expires, unless the data is required to be stored for longer for the purpose of concluding or performing a contract.

4. Contact details of the controller

The controller as defined by the EU General Data Protection Regulation (GDPR) as well as other data protection laws and provisions under data protection legislation is:
Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Hofgartenstraße 8
D-80539 Munich
Germany
+49 89 2108-0
www.mpg.de/kontakt/anfragen
www.mpg.de

5. Contact details of the Data Protection Officer

The controller's Data Protection Officer is:
Heidi Schuster
Hofgartenstraße 8
D-80539 Munich
+49 (89) 2108-1554
datenschutz@mpg.de

B. Provision of the website and creation of logfiles

Every time our website is accessed, our servers and applications automatically log data and information from the accessing computer system. The following data is collected:

  • Your IP address
  • Date and time the page is accessed
  • Address of the page accessed
  • Address of the website visited previously (referrer)
  • Name and version of your browser/operating system (if transmitted)

The data is saved in our systems' logfiles. This data is not stored together with other personal data relating to the user.
The legal basis for the temporary saving of data and logfiles is Article 6, para. 1, lit. f GDPR. Data is saved in logfiles in order to ensure the functional capability of the website. In addition, the data serves to optimize the websites, eliminate faults and ensure the security of our IT systems. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR.
The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. In the case of the collection of the data for the purpose of providing the website, this applies when the session in question is finished.
In the case of saving data in logfiles, this applies after a maximum of seven days. Saving of data beyond this period is possible. In this case, users' IP addresses are deleted or altered so that they can no longer be attributed to the accessing client.
Data collection for the purpose of providing the website and the saving of data in logfiles are absolutely necessary in order to operate the website. It is therefore not possible for the user to object.

C. Registration

On our web pages we offer users the opportunity to register by entering personal data via an input screen. Generally speaking we ask for your e-mail address, last name and first name. We inform you about the concrete processing of your data in the course of the registration operation and obtain your consent accordingly. There is also a reference to this Data Protection Information.
The legal basis for processing data is the existence of the user's consent according to Article 6, para. 1, lit. a GDPR. If registration serves to fulfil a contract of which the user is a contractual party or to implement pre-contractual measures, the additional legal basis for data processing is Article 6, para. 1, lit. b GDPR. It is necessary to register the user in order to be able to provide certain content and services on our website, fulfil a contract with the user or implement pre-contractual measures. The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. This applies to the data collected during the registration operation if registration on our websites is withdrawn or altered. It applies to the registration operation to fulfil a contract or to implement pre-contractual measures if the data is no longer required in order to implement the contract. It may also be necessary to save the contractual partner's personal data after conclusion of the contract in order to meet contractual or statutory requirements.
As a user, you can withdraw registration at any time. You can have the data relating to you altered at any time; the procedure is described in detail during the actual registration operation. If the data is required to fulfil a contract or implement pre-contractual measures, premature deletion of the data is only possible if this is not prevented by contractual or statutory obligations.

D. Rights of data subjects

As a data subject whose personal data is collected in connection with the above-mentioned services, you have the following fundamental rights unless legal exceptions apply in individual cases:

  • Access (Article 15 GDPR)
  • Rectification (Article 16 GDPR)
  • Erasure (Article 17, para. 1 GDPR)
  • Restriction of processing (Article 18 GDPR)
  • Data portability (Article 20 GDPR)
  • Objection to processing (Article 21 GDPR)
  • Withdrawal of consent (Article 7, para. 3 GDPR)
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR). For the MPG, this is BayLDA (Bavarian Data Protection Authority), Postfach 1349, 91504 Ansbach.