Data Privacy

Data protection information
The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data collected during visits to our website, observing the currently valid provisions under data protection law as amended. Your data is neither published by us, nor disclosed to third parties on an unauthorized basis. In the following, we will explain which data we record during your visit to our web pages and exactly how we use it.

A. General information
1. Scope of data processing
We only ever collect and use personal data to the extent required in order to provide a functional website that presents our content and services. The collection and utilization of our users’ personal data is carried out regularly based on the users’ consent. An exception applies in instances where processing of the data is permitted by statutory provisions.

2. Legal basis of data processing
If we obtain the consent of the data subject to carry out personal data processing operations, the legal basis is Article 6, para. 1, lit. a EU General Data Protection Regulation (GDPR).
When it is necessary to process personal data in order to fulfill a contract whose contractual party is the data subject, the legal basis is Article 6, para. 1, lit. b GDPR. This also applies to processing operations required in order to implement pre-contractual measures.
If processing is required in order to safeguard a legitimate interest of the MPG or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject override the first-mentioned interest, the legal basis for processing is Article 6, para. 1, lit. f GDPR.

3. Data deletion and storage time
The personal data of the data subject is erased or blocked as soon as the purpose of storage no longer applies. Data can also be stored if this is required under European or national legislation in EU directives, laws or other provisions to which the MPG is subject. Data is also blocked or erased if the retention period prescribed by the above-mentioned legislation expires, unless the data is required to be stored for longer for the purpose of concluding or performing a contract.

4. Contact details of the responsible party for data processing
The controller as defined by the EU General Data Protection Regulation (GDPR) as well as other data protection laws and provisions under data protection legislation is:
Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Hofgartenstraße 8
D-80539 Munich
Phone: +49 (89) 2108-0
Contact form: https://www.mpg.de/kontakt/anfragen
Internet: https://www.mpg.de

5. Contact data of the data protection manager
The controller’s Data Protection Officer is

Heidi Schuster
Hofgartenstraße 8
D-80539 Munich
Phone: +49 (89) 2108-1554
datenschutz@mpg.de

6. Contact of the Data Protection Coordinator at MPI for Biogeochemistry
Dr. Axel Kleidon
Max Planck Institut for Biogeochemistry
Hans-Knöll-Str. 10
07745 Jena, Germany
Phone: +49 (0)3641 57-6217
E-mail: dsk@bgc-jena.mpg.de

B. Provision of the website and creation of log files

Every time our website is accessed, our servers and applications automatically log data and information from the accessing computer system.
The following data is collected:
• Your IP address
• Date and time the page is accessed
• Address of the page accessed
• Address of the website visited previously (referrer)
• Name and version of your browser/operating system (if transmitted)
The data is saved in our systems’ logfiles. This data is not saved together with other personal data relating to the user.

The legal basis for the temporary saving of data and logfiles is Article 6, para. 1, lit. f GDPR. Data is saved in logfiles in order to ensure the functional capability of the website. In addition, the data serves to optimize the web pages, eliminate faults and ensure the security of our IT systems. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR.
The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. In the case of the collection of the data for the purpose of providing the website, this applies when the session in question is finished. In the case of saving data in logfiles, this applies after a maximum of seven days. Saving of data beyond this period is possible. In this case, users’ IP addresses are deleted or altered so that they can no longer be attributed to the accessing client.1
Data collection for the purpose of providing the website and the saving of data in logfiles are absolutely necessary in order to operate the website. It is therefore not possible for the user to object.

C. Web analysis
We use the web analytics Google Analytics for statistical data collection in relation to utilization behavior; this program uses cookies and JavaScript to collect various information on your computer and transmit this automatically to us. Every time our website is accessed, our system logs the following data and information from the accessing computer system:
• IP address, anonymized by means of abbreviation
• Two cookies to distinguish between different visitors (pk_id and pk_sess)
• Previously visited URLs (referrers) if transmitted by the browser
• Name and version of the operating system

• Name, version and language setting of the browser
The following data is also collected if JavaScript is activated:
• URLs visited on this website
• Times of page visits
• Type of HTML requests
• Screen resolution and colour depth
• Technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears

The saving and analysis of data is carried out solely on a central server operated by the MPDL.
The legal basis for the processing of personal user data is Article 6, para. 1, lit. f GDPR. By processing personal user data we are able to analyze our users’ utilization behaviour. Analysis of the data collected enables us to compile information on the use of the individual components of our web pages. This helps us improve our websites and their user-friendliness on an ongoing basis. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR. Anonymization of the IP address sufficiently meets the users’ interest in the protection of their personal data.

The data is deleted after the final annual totals have been arrived at for access statistics.
Of course, you have the opportunity to object to your data being collected. The following independent method is available to you if you wish to object to data collection by the central server:
In your browser, activate the Do-Not-Track setting. If this setting is active, our central server does not save any of your data. Important: Do-Not-Track generally only applies to the one device and browser on which the setting is activated. If you use several devices/browsers, you must activate Do-Not-Track separately on each one.

D. Use of cookies
Our website uses cookies. Cookies are text files which are saved in or by the internet browser in the user’s computer system. If a user accesses a website, a cookie can be saved on the user’s operating system. This cookie contains a characteristic string of characters which enables definitive identification of the browser the next time the website is accessed.

Please check our Cookie Policy for all details.

E: Contact form

On our website there is a contact form which can be used to make contact electronically. If a user makes use of this option, the details entered in the input screen are transmitted to us and saved. This generally consists of your e-mail address, last name and first name. We inform you about the concrete processing of your data in the course of the operation and obtain your consent accordingly. There is also a reference to this Data Protection Information. The data is used solely for processing the dialogue.
The function Google reCaptcha is used in order to avoid misuse of the form. reCaptcha serves to prevent any automatic mass use of the contact form in that visual questions appear which can only be answered by a human being. reCaptcha is an embedded JavaScript which establishes a connection with the provider’s servers when the contact form is accessed. This at least supplies the provider with the information that you have visited the contact form, potentially also additional information revealing your web browser and the device you are using. You can find out details from a reference to data processing by the provider that is included in the contact form.6
The legal basis for processing data in connection with use of the contact form is the existence of the user’s consent according to Article 6, para. 1, lit. a GDPR. Processing of personal data from the input screen serves the sole purpose of processing the contact request. The data is deleted as soon as it is no longer required in order to fulfill the purpose of its collection. This is the case when the relevant dialogue with the user is finished or the user’s request has been dealt with. The dialogue is finished when circumstances indicate that the matter in question has been conclusively clarified. The user can withdraw their consent to the processing of personal data vis-à-vis the contact partners listed at any time.
The legal basis for the processing of data by reCaptcha is Article 6, para. 1, lit. f GDPR. reCaptcha is used to ensure the functional capability of the contact form and prevent its misuse. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR. The use of reCaptcha is absolutely necessary in order to operate the contact form. It is therefore not possible for the user to object

F. Data transmission
Your personal data will only be conveyed to state institutions and authorities in legally essential cases or for criminal prosecution based on attacks on our network infrastructure. The data are not transmitted to third parties for other purposes.

G. Rights of individuals affected
As a data subject whose personal data is collected in connection with the above-mentioned services, you have the following fundamental rights unless legal exceptions apply in individual cases:
• Access (Article 15 GDPR)
• Rectification (Article 16 GDPR)
• Erasure (Article 17, para. 1 GDPR)
• Restriction of processing (Article 18 GDPR)
• Data portability (Article 20 GDPR)
• Objection to processing (Article 21 GDPR)
• Withdrawal of consent (Article 7, para. 3 GDPR)
• Right to lodge a complaint with a supervisory authority (Article 77 GDPR). For the MPG, this is BayLDA (Bavarian Data Protection Authority), Postfach 606, 91511 Ansbach.