Privacy Notice

The Max Planck Society for the Advancement of Science e.V. (MPG) takes the protection of your personal data very seriously. We process personal data collected during visits to our websites in accordance with applicable data protection regulations and only to the extent necessary to provide a functional website as well as our content and services. Your data will neither be disclosed nor transferred to third parties without authorization. Below, we explain which data we collect during your visit to our websites and how exactly these data are used:

A. Website Provision

1.     Website Access

a. Type of Data

Every time our website is accessed, our servers and applications automatically collect data and information from the accessing device’s system.

The following data are temporarily collected:

• • Your IP address
  • Date and time of your access to the page
  • Address of the accessed page
  • Address of the previously visited webpage (Referrer)
  • Name and version of your browser/operating system (if transmitted)

These data are stored in our system’s logfiles. No storage of these data together with other personal data of users takes place.

b. Legal Basis

The legal basis for the temporary storage of the data and logfiles is Article 6(1)(f) of the GDPR. The storage in logfiles serves to ensure the functionality of the website. Additionally, the data are used to optimize the website, troubleshoot issues, and ensure the security of our IT systems. These purposes also constitute our legitimate interest in data processing under Article 6(1)(f) of the GDPR.

The collection of data for website provision and the storage of data in logfiles are essential for operating the website. Therefore, users do not have the right to object.

c. Data Deletion

Data are deleted as soon as they are no longer necessary for achieving the purpose of their collection. In the case of data collected for website provision, this occurs when the respective session ends. For data stored in logfiles, deletion occurs after at most seven days. Further storage is possible. In such cases, users’ IP addresses are either deleted or anonymized so that the accessing device can no longer be identified.

2.     User-Friendly Website Design

a. Type of Data

Our website uses cookies. Cookies are text files stored in the internet browser or on the user’s system by the browser. When a user accesses a website, a cookie is stored on their device. Cookies contain a characteristic string that enables the unique identification of the browser upon subsequent visits to the website.

We use cookies to make our website more user-friendly. Some elements of our website require technical identification of the accessing browser even after a page change. The following data are stored and transmitted in cookies:

• • Browser language settings (localization), even after page changes (functionality of the language switcher): Session cookie i18next
  • Session data (click path, accessed pages, current language, saving form data (search terms used in internal search, inputs in contact form), and possibly error messages for forms): Session cookie mpg_session_r

Cookies are stored on your device and transmitted to our site by your device. Therefore, you, as a user, have full control over cookie usage. By changing settings in your internet browser, you can deactivate or restrict cookie transmission. This can also be automated. If cookies are deactivated for our website, not all website functions may be fully usable.

b. Legal Basis

The legal basis for processing personal data using cookies is Article 6(1)(f) GDPR and § 25(2) no. 2 TDDDG. Some functions of our website cannot be offered without the use of cookies. It is essential that the browser is recognized again after a page change.

c. Data Deletion

Cookies are deleted after the session ends.

B. Web Analytics

3.     Type of Data

We use the web analytics program Matomo for statistical data collection on user behavior, which collects various information from your computer using cookies and JavaScript and automatically transmits it to us. When our webpages are accessed, our system collects the following data and information from the accessing device’s computer system:

• IP address, anonymized by truncation
• Two cookies to distinguish different visitors: pk_id and pk_sess
• Previously visited URL (Referrer), if transmitted by the browser
• Name and version of the operating system
• Name, version, and language settings of the browser

Additionally, if JavaScript is enabled:

• Visited URLs on this website
• Timestamps of page views
• Type of HTML requests
• Screen resolution and color depth
• Browser-supported technologies and formats (e.g., cookies, Java, Flash, PDF, Windows Media, QuickTime, RealPlayer, Director, Silverlight, Google Gears)

Data storage and evaluation occur exclusively on a central server operated by the MPG.

Of course, you have the option to object to data collection. You have the following independent options to object to data collection by the central server:

Enable the “Do-Not-Track” or “Do Not Follow” setting in your browser. As long as this setting is active, our central server will not store any data from you. Important: The Do-Not-Track instruction typically applies only to the device and browser in which you activate the setting. If you use multiple devices/browsers, you must activate Do-Not-Track separately on each.

Use our Opt-Out function. Click the checkbox in the following selection box at https://www.mpg.de/datenschutzhinweis/datenerhebung-deaktivieren to stop or re-enable data collection. As long as the checkbox is deactivated, our central server will not store any data from you. Important: For the Opt-Out, we must store a special recognition cookie in your browser. If you delete this cookie or use a different PC/browser, you must again object to data collection on this page.

No storage of these data together with other personal data of users takes place.

4.     Legal Basis

The legal basis for processing users’ personal data is Article 6(1)(f) GDPR and § 25(2) no. 2 TDDDG. Processing users’ personal data enables us to analyze user behavior. By evaluating the collected data, we can compile information about the use of individual components of our websites. This helps us continuously improve our websites and their user-friendliness. These purposes also constitute our legitimate interest in data processing under Article 6(1)(f) GDPR and § 25(2) no. 2 TDDDG. The anonymization of the IP address adequately respects users’ interest in protecting their personal data.

5.     Data Deletion

Data are deleted after the final annual summaries for access statistics have been compiled.

C. Contact

1.     Type of Data

Our website offers the possibility to contact us directly via email. If you use this option, we store the personal data transmitted via email (e.g., your email address, and possibly name and other details). We inform you about the specific processing of the data during contact and refer to this privacy policy. Data are used exclusively for processing your inquiry and related communication.

2.     Legal Basis

The legal basis for processing data when using the contact form is your consent under Article 6(1)(a) GDPR. Processing of personal data from the input form serves solely to handle your contact request. You may withdraw your consent to the processing of personal data at any time and contact the listed representatives.

3.     Data Deletion

Data are deleted as soon as they are no longer necessary for achieving the purpose of their collection. This occurs when the respective conversation with the user is concluded or the user’s concern has been fully addressed. The conversation is considered concluded when it can be inferred from the circumstances that the matter has been finally clarified.

D. Newsletter

1.     Type of Data

Our website offers the possibility to subscribe to a free newsletter. During registration, the data from the input form are transmitted to us. These are typically your email address, name, and first name. We inform you about the specific processing of the data during the registration process and obtain your consent. We also refer to this privacy policy. Data are used exclusively for sending the newsletter.

For personalized content based on user interests and to measure our information outreach, we use tracking. During registration, each user can activate tracking (default: deactivated). Subsequently, each user can activate/deactivate tracking independently in their profile settings.

The following data are collected through tracking:

• Successful delivery of the newsletter
• Opening of the newsletter yes/no via tracking pixel (mini graphic in the newsletter)
  • Browser type, operating system type
  • Mobile device or standard device
  • User Agent (used email client)
  • IP address
  • Date and time of newsletter opening
• Links clicked in the newsletter

2.     Legal Basis

The legal basis for processing data after newsletter registration is the user’s consent under Article 6(1)(a) GDPR. Data collection serves to deliver the newsletter.

The legal basis for voluntary tracking is Article 6(1)(a) GDPR and § 25(1) TDDDG.

3.     Data Deletion

Your email address will be stored as long as your newsletter subscription remains active. The subscription can be canceled at any time by the affected user.

If a user consents to tracking, these data will be stored as long as the newsletter subscription remains active or until the user withdraws consent to tracking via their personal profile.

E. Social Media

1.     Type of Data

We use so-called social media buttons (also known as social media plugins) on our website. These are buttons that allow you to share our website content on social networks.

The social media buttons are integrated via the WordPress plugin Smash Balloon. Data are only transmitted to the respective social network if you actively click on a social media button. Only then is a connection established between your device and the servers of the respective provider. Particularly, the following data may be processed:

• Information that you accessed our website (including URL)
• Date and time of access/interaction
• IP address
• Browser/device information (e.g., operating system, language settings)
• Referrer information, if applicable

If you are logged into the respective provider’s account, the provider may associate your usage with your user account.

We use the following social media buttons:

1. X (formerly Twitter) – Share on X (Provider: X International Company; possible transmission to X Corp. and other recipients)
2. LinkedIn – Share on LinkedIn (Provider: LinkedIn; possible transmission to affiliated companies and other recipients)
3. Instagram – Share on Instagram (Provider: Meta Platforms Ireland Limited; possible transmission to Meta Platforms, Inc. and other recipients)

Data transfers to countries outside the European Union/European Economic Area may occur. The providers base such transfers, according to their statements, on standard contractual clauses approved by the European Commission; for Meta, adequacy decisions by the European Commission may also apply.

Further information can be found in the privacy policies of the respective providers:

• X: https://twitter.com/de/privacy (or privacy policy of X)
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Meta/Instagram: https://www.facebook.com/privacy/policy/ (or privacy policy of Meta)

2.     Legal Basis

The legal basis for processing personal data in connection with the use of social media buttons is your consent under Article 6(1)(a) GDPR and – where setting/reading information on your device is involved – § 25(1) TDDDG. You give consent by actively clicking the respective social media button.

3.     Data Deletion

We do not store personal data independently in connection with the use of social media buttons. Further processing and storage duration of the data lie within the responsibility of the respective provider; details can be found in the providers’ privacy policies.

F. Data Transfer

The management and storage of your personal information for selected services

• Contact (Section C)
• Newsletter (Section E)

are carried out within the framework of order data processing on the systems of our service providers.

Your personal data is only disclosed to state institutions and authorities in legally required cases or for criminal prosecution due to attacks on our network infrastructure. No other transfers to third parties for other purposes take place.

G. General Information

1.     Contact Details of the Responsible Party

The responsible party under the General Data Protection Regulation and other national data protection laws, as well as other data protection provisions, is:

Max Planck Society for the Advancement of Science e.V. (MPG)
Hofgartenstraße 8
D-80539 Munich
Phone: +49 (89) 2108-0
Contact form: https://www.mpg.de/kontakt/anfragen
Internet: https://www.mpg.de

2.     Contact Details of the Data Protection Officer

The data protection officer of the responsible party can be reached as follows:

Data Protection Officer of the MPG
Hofgartenstraße 8
D-80539 Munich
Phone: +49 (89) 2108-1554
datenschutz@mpg.de

H. Rights of Data Subjects

As a data subject whose personal data are collected in the context of the services described above, you generally have the following rights, unless specific legal exceptions apply:

• Right to information (Article 15 GDPR)
• Right to rectification (Article 16 GDPR)
• Right to erasure (Article 17(1) GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to data portability (Article 20 GDPR)
• Right to object to processing (Article 21 GDPR)
• Right to withdraw consent (Article 7(3) GDPR)
• Right to lodge a complaint with a supervisory authority (Article 77 GDPR). For the MPG, this is the Bavarian State Office for Data Protection, Postbox 1349, 91504 Ansbach.