ENSURE

European Security Revisited

Privacy Policy

The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data gathered when visiting our websites in compliance with the applicable data protection legislation and, as a matter of principle, only to the extent that this is necessary to provide a functioning website and our content and services. We neither publish your data nor transmit them to third parties on an unauthorized basis. In the following sections, we explain which data we record when you visit one of our websites, and how exactly they are utilized:

A. Provision of the website

  1. Visiting the website

a. Type of data

Each time you visit our website, our service and applications automatically record data and information from the system of the visiting device.

The following data are gathered temporarily:

  • Your IP address
  • Date and time of your access to the website
  • Address of the page visited
  • Address of the previously visited website (referrer)
  • Name and version of your browser/operating system (if transmitted)

These data are stored in our systems‘ log files. There is no storage of these data together with other personal data relating to the user.

b. Legal basis

The legal basis for the temporary saving of data and log files is Article 6 (1) lit. f GDPR. Storage occurs in log files in order to ensure the website’s functionality. The data also serve to optimize the websites, eliminate malfunctions and ensure our IT system security. Our justified interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.

The recording of data for the provision of the website and the storage of data in log files are essential to operate the website. It is therefore not possible for the user to object.

c. Data deletion

The data are deleted as soon as they are no longer required in order to fulfil the purpose of their collection. If data are gathered for the provision of the website, this is the case if the respective visit is ended. In the event that data are stored in log files, this is the case after seven days at the latest. Storage above and beyond this period is possible. In this case, the users‘ IP addresses are deleted or removed so they can no longer be allocated to the visiting device.

  1. User-friendly website design

a. Type of data

Our website uses cookies. Cookies are text files which are saved in or by the internet browser on the users’ systems. If a user accesses a website, a cookie can be saved on the user’s system. These cookies contain a characteristic string of characters which enables definitive identification of the browser the next time the website is accessed.

We use cookies in order to make our website more user-friendly. It is a technical requirement of certain elements of our website that the accessing browser can also be identified after a page change. In the process, the following data are saved and transmitted in the cookies:

  • Language settings (localization) of the browser, also when changing pages (functionality of the language switch): Sessioncookie i18next
  • Session data (click path, pages visited, current language, remembering form data (terms used in the internal site search, entries in the contact form) as well as error messages for forms, if applicable): Sessioncookie mpg_session_r

Cookies are saved on your device and transmitted by the latter to our website. For this reason, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. This can also happen on an automated basis. If cookies are deactivated for our website, the full range of functions of the website may not be entirely available for use.

b. Legal basis

The legal basis for the processing of personal data by means of cookies is Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 of the German Act an Data Protection and Protection of Privacy in Telecommunications and Digital Services [TDDDG]. Some of the functions of our website cannot be offered without the use of cookies. For these, it is absolutely necessary that the browser is recognized even after a page change.

c. Data deletion

The cookies are deleted after closing the session.

B. Web analysis

  1. Type of data

We use the web analytics programme Matomo for statistical data collection in relation to utilization behaviour; this programme uses cookies and JavaScript to collect various information on your computer and transmit this automatically to us. Every time our website is accessed, our system logs the following data and information from the computer system of the accessing device:

  • IP address, anonymized by means of abbreviation
  • Two cookies to distinguish between different visitors: pk_id and pk_sess
  • Previously visited URL (referrer) if communicated by the browser
  • Name and version of the operating system
  • Name, version and language setting of the browser.

The following data are collected additionally if JavaScript is activated:

  • URLs visited on this website
  • Times of page visits
  • Type of HTML requests
  • Screen resolution and colour depth
  • Technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears).

The saving and analysis of data is carried out solely on a central server operated by the MPG.

It goes without saying that you have the opportunity to object to your data being collected. The following independent methods are available to you if you wish to object to data collection by the central server:

  1. In your browser, activate the Do-Not-Track setting. As long as this setting is active, our central server will not save any of your data. Important: Do-Not-Track generally only applies to the one device and browser on which the setting is activated. If you use several devices/browsers, you must activate Do-Not-Track separately on each one.
  2. Use our opt-out function. Click on the check mark in the following selection box under https://www.mpil.de/en/pub/service/privacy-policy/data-collection.cfm in order to stop or reactivate data collection. As long as the selection box is deactivated, our central server will not save any of your data. Important: For the opt-out, we have to store a special recognition cookie in your browser. If you delete this or use a different PC/browser, you have to object to data collection once again on this page.

There is no storage of these data together with other personal data relating to the users.

  1. Legal basis

The legal basis for the processing of personal data by means of cookies is Art. 6 (1) lit. f GDPR as well as § 25 para. 2 no. 2 TDDDG. The processing of the users‘ personal data enables us to analyze the usage behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our websites. This helps us improve our websites and their user-friendliness on an ongoing basis. These purposes also constitute our legitimate interest in data processing according to Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 TDDDG. By anonymizing the IP address, the users‘ interest in the protection of their personal data is sufficiently taken into account.

  1. Data deletion

The data are deleted after the final annual totals have been arrived at for access statistics.

C. Contact form

  1. Type of Data

On our website, there is a contact form which can be used to make contact electronically. If you make use of this option, the details entered in the input screen are transmitted to us and saved. This generally consists of your email address, last name and first name. We inform you about the concrete processing of your data in the course of the operation and obtain your consent accordingly. There is also a reference to this Data Privacy Statement. The data are used solely for processing the dialogue.

  1. Legal basis

The legal basis for processing data in connection with use of the contact form is your consent according to Art. 6 (1) lit. a GDPR. Processing of personal data from the input screen serves the sole purpose of processing the contact request. You have the option to withdraw your consent to the processing of personal data at any time vis-à-vis the listed contact persons.

  1. Data deletion

The data are deleted as soon as they are no longer required in order to fulfil the purpose of their collection. This is the case when the relevant dialogue with the user is finished or the processing of the user’s request has been finalized. The dialogue is finished when circumstances indicate that the matter in question has been conclusively clarified.

D. Measures for the secure use of forms

  1. Prevention of the misuse of forms

a. Type of data

To prevent any misuse of forms, the Friendly Captcha function is used. Friendly Captcha serves to exclude mass machine use of the forms offered

  • Contact form,
  • Registration for subscription management.

When a form containing a captcha is called up, a combination of numbers and letters is automatically sent from the user’s device. This data is deleted after the form is sent and is not saved.

  1. Securing communication through forms

a. Type of data

To protect the integrity of the data entered into a form while the form is being transmitted, a digital token is retrieved from the MPG servers and transmitted back when the completed form is submitted. The token is not stored on the users’ devices.

The token csrf_token is used to secure the communication through the following forms:

  • Newsletter signup,
  • Contact form,
  • Registration for subscription management

b. Legal basis

The legal basis for the data processing is Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 TDDDG. The token is used to ensure the security of communication through forms and prevent misuse. These purposes also constitute our legitimate interest in data processing according to Art. 6 (1) lit. f GDPR. The use of the token is absolutely necessary in order to operate the mentioned forms. It is therefore not possible for the users to object.

c. Data deletion

The MPG does not store any data when using the token.

E. YouTube

On some pages, our website uses external links to videos on the YouTube platform that are not directly embedded in the pages. The external links are provided with a preview image generated via an API service provided by YouTube.

All YouTube content displayed on www.mpil.de is subject to YouTube’s terms of use. By accessing this content, users of www.mpil.de accept these terms of use.

YouTube’s terms of use can be viewed at the following link: https://www.youtube.com/t/terms

The data protection declaration (Google PrivacyPolicy) can be accessed at the following link: https://policies.google.com/privacy?hl=en

F. General details

  1. Contact details of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection acts as well as other data protection legislation is the

Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)

Hofgartenstrasse 8

D-80539 Munich, Germany

Telephone: +49 (89) 2108-0

Contact form: https://www.mpg.de/kontakt/anfragen

Internet: https://www.mpg.de

  1. Data Protection Officer’s contact details

The controller’s Data Protection Officer can be reached as follows:

Data Protection Officer of the MPG

Hofgartenstrasse 8

D-80539 Munich, Germany

Telephone: +49 (89) 2108-1554

datenschutz@mpg.de

G. Rights of the data subjects

As a data subject whose personal data are collected in the context of the above-mentioned services, you generally have the following rights unless legal exceptions apply in individual cases:

  • Information (Article 15 GDPR)
  • Correction (Article 16 GDPR)
  • Deletion (Article 17 (1) GDPR)
  • Restriction of processing (Article 18 GDPR)
  • Data transmission (Article 20 GDPR)
  • Revocation of processing (Article 21 GDPR)
  • Revocation of consent (Article 7 (3) GDPR)
  • Right to complain to the regulator (Article 77 GDPR). For the MPG, this is the Bavarian Data Protection Authority (BayLDA), Postfach 1349, 91504 Ansbach, Germany.

Data Collection Opt-Out

For statistical data collection purposes, the Max Planck Society employs the web analytics tool Matomo (formerly Piwik). It is used by the central website www.mpg.de, but also by most of the Max Planck Institutes and by many project websites related to the Max Planck Society. The following instructions and settings are relevant for all websites utilising the central Matomo server of the Max Planck Society. A notice to this effect is included in the imprint of the concerned website.

Please tick the box below to stop the collection of data or to activate it again. As long as the box is deactivated, our central Matomo server will not store any data about you. Note: For the Opt-Out function we need to save a special recognition cookie to your browser. If you delete this cookie or use another computer / browser, please make sure to object to the collection of data again on this website.

 

Information on data processing in conformity with Art. 14 General Data Protection Regulation

1. Contact details of the controller

We, the Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG),Hofgartenstraße 8, D-80539 Munich, Tel.: +49 (89) 2108-0, provide the following social media websites:

As the provider of these websites, we, the Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V., work together with the provider of the respective social media platform in the sense of Art. 4 No. 7 of the General Data Protection Act (GDPR):

  • Meta Platforms Ireland Ltd. (Facebook)
  • Google Ireland Ltd. (YouTube)
  • LinkedIn Ireland Unlimited Company (LinkedIn)
  • Bluesky (Bluesky)
  • Mastodon (Mastodon)
  • Vimeo (Vimeo.com, Inc.)

When you visit our social media websites, the controller processes personal data. Below we will inform you of which data these are, how they are processed and what rights you have in this context. We as the controller of these websites have concluded agreements with the provider of the respective social media platform which e.g. set out the conditions for using the websites. The terms of use of the respective provider and the terms and conditions and guidelines listed there at the end are relevant here.

2. Use of insights and cookies

The providers of the social platforms also provide us with user statistics (so-called analytical services or page insights data) for our websites on the social media platforms based on the actions and interactions of our followers (e.g. likes, shares, comments etc., the number of following, individual page area access, scope of a contribution as well as statistics about the followers based on age, language, place of origin or interests), which help us to contact our followers and interested parties, understand the use and scope of our contributions, evaluate contents and identify user preferences and design our websites on the social media platforms to be as target-group-friendly as possible. We cannot influence or access the creation or processing of these user statistics and the underlying data; this is performed on the sole responsibility of the provider of the respective social media platform.

The provider of the respective social media platform receives, records and processes the information stored in the cookies. This also includes services provided by the provider or the provider group of the social media platforms as well as services provided by other companies that use the social media platforms and which are visited by the user. In addition, other positions such as partners or even third parties can use cookies on the social media platforms to provide services to the companies advertising on the social media platforms. For more information on the use of cookies by the provider, please see the latter’s Cookie Policy.

3. Contact details of the Data Protection Officer

The contact details of the MPG Data Protection Officer are: Hofgartenstraße 8, D-80539 Munich, Tel.: +49 (89) 2108-1554, Email: datenschutz@mpg.de

4. Purposes of data processing

The data entered on our websites on social media platforms such as comments, questions, videos, images, likes, public messages, job preferences and selection etc. are published by the provider of the social media platform and only used or processed by us for the purposes listed below. We reserve the right to delete contents, where necessary. If applicable, we will share our contents on our website, if this is a function of the website and communicate with you via the website.

The websites provided by us contain links to our other company sites on social media platforms. You can identify links to the websites of the social media platforms e.g. by the respective company logo. If you follow this link, you can reach our company sites on the respective social media platforms. When you click on a link to a social media platform, a connection is established with the servers of the social media platform. This informs us that you have visited our website. In addition, further data is transmitted to the providers of the social media platform. These are, for example:

  • Address of the website with the activated link
  • Data and time of the website access and activation of the link
  • Information about the browser and operating system used
  • IP address

If you are already logged into the respective social media platform at the time that you activate the link, the provider of this social media platform may be able to determine your user name or even your real name based on the transmitted data and attribute this information to your personal user account on the social media platform. You can prevent this allocation to your personal user account, if you log out of your user account first.

Establishing contact

You can contact us via several of our websites on social media platforms. We process your data in order to answer your query and, if applicable, to send you the requested information materials. Your data may also be transmitted to the position responsible for your query. This position may be a third party. A transmission only takes place, if we are authorized to carry out the transmission under data protection law.

If you send us a query on the social media platforms, we may, depending on the required response, also refer to other, secure communication channels which guarantee confidentiality.

You always have the option to send us confidential enquiries via our address listed under contact details.

Statistical evaluations

Information processing is intended to allow us as the provider of the social media website to receive statistics (so-called page insights data) which the provider of the social media platform makes available based on the visits to our website. For example, it enables us to gain knowledge about the profiles of the visitor who like our website or use the applications on our website, so that we can provide them with more relevant contents and develop functions which may be of greater interest to them.

In order for us to better understand how to use our website to better reach our interested users, the recorded information is also subjected to demographic and geographical analyses which are then made available to us. We can use this information in order to offer targeted interest-based contents without obtaining direct knowledge of the visitor’s identity. Where visitors use social media platforms on several devices, the recording and analysis can also be implemented across several devices, if these are registered users who are logged into their profiles.

The created visitors’ statistics are transmitted exclusively in an anonymized format. We do not have any access to the underlying data.

You can find more information on the processing of your personal data by the provider of the respective social media platform in the context of creating and processing user statistics by checking the information about user statistics on the following websites by the respective social media platform:

  • Meta Platforms Ireland Ltd. (Facebook)
  • Google Ireland Ltd. (YouTube)
  • LinkedIn Ireland Unlimited Company (LinkedIn)
  • Bluesky (Bluesky)
  • Mastodon (Mastodon)
  • Vimeo (Vimeo.com, Inc.)

5. Legal basis for data processing

We provide these social media websites in order to present ourselves to the users and other interested parties who visit our websites and to communicate with them. The personal user data are processed on the basis of our legitimate interests in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR).

6. Recipients or categories of recipients

We do not transfer the data to third parties.

The servers of the social media platforms are located in the USA and in other countries outside the European Union. As a result, the providers of the social media platform can also use the data in countries outside the European Union. Please note that companies in these countries are subject to data protection law that does not generally protect personal data to the same extent as is the case in the European Union.

Please note that we cannot influence the scope, type and purpose of the data processing by the provider of the social media platform. For more information on the use of your data by the social media platform linked to on our website, please see the privacy policies of the respective social media platforms:

7. Duration of storage

We do not save the data.

8. Rights of the data subject

You have the right to information about your data saved at the MPG, the right to correction of the data, if these are incorrect, the right to deletion of data stored inappropriately and the right to data portability. You also have the right to lodge a complaint with the supervisory authority. For the MPG, this is the Bavarian State Office for Data Protection Supervision [Bayerische Landesamt für Datenschutzaufsicht], PO Box 1349, 91504 Ansbach.

9. Source of data

The data are not collected directly from the data subjects but instead made available by the provider of the social media platform:

  • Meta Platforms Ireland Ltd. (Facebook, Instagram)
  • Google Ireland Ltd. (YouTube)
  • LinkedIn Ireland Unlimited Company (LinkedIn)
  • Mastodon (Mastodon)
  • Bluesky (Bluesky)
  • Vimeo (Vimeo.com, Inc.)