Data protection information

The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data gathered when visiting our websites in compliance with the applicable data protection legislation and, as a matter of principle, only to the extent that this is necessary to provide a functioning website and our content and services. We neither publish your data nor transmit them to third parties on an unauthorized basis. In the following sections, we explain which data we record when you visit one of our websites, and how exactly they are utilized:

A. Provision of the website

1. Visiting the website

a. Type of data

Each time you visit our website, our service and applications automatically record data and information from the system of the visiting device.

The following data are gathered temporarily:

• Your IP address
• Date and time of your access to the website
• Address of the page visited
• Address of the previously visited website (referrer)
• Name and version of your browser/operating system (if transmitted)

These data are stored in our systems' log files. There is no storage of these data together with other personal data relating to the user.

b. Legal basis

The legal basis for the temporary saving of data and log files is Article 6 (1) lit. f GDPR. Storage occurs in log files in order to ensure the website's functionality. The data also serve to optimize the websites, eliminate malfunctions and ensure our IT system security. Our justified interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.
The recording of data for the provision of the website and the storage of data in log files are essential to operate the website. It is therefore not possible for the user to object.

c. Data deletion

The data are deleted as soon as they are no longer required in order to fulfil the purpose of their collection. If data are gathered for the provision of the website, this is the case if the respective visit is ended. In the event that data are stored in log files, this is the case after seven days at the latest. Storage above and beyond this period is possible. In this case, the users' IP addresses are deleted or removed so they can no longer be allocated to the visiting device.

2. User-friendly website design

a. Type of data

Our website uses cookies. Cookies are text files which are saved in or by the internet browser on the users’ systems. If a user accesses a website, a cookie can be saved on the user's system. These cookies contain a characteristic string of characters which enables definitive identification of the browser the next time the website is accessed.

We use cookies in order to make our website more user-friendly. It is a technical requirement of certain elements of our website that the accessing browser can also be identified after a page change. In the process, the following data are saved and transmitted in the cookies:

• Language settings (localization) of the browser, also when changing pages (functionality of the language switch): Sessioncookie i18next
• Session data (click path, pages visited, current language, remembering form data (terms used in the internal site search, entries in the contact form) as well as error messages for forms, if applicable): Sessioncookie mpg_session_r

Cookies are saved on your device and transmitted by the latter to our website. For this reason, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. This can also happen on an automated basis. If cookies are deactivated for our website, the full range of functions of the website may not be entirely available for use.

b. Legal basis

The legal basis for the processing of personal data by means of cookies is Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 of the German Act an Data Protection and Protection of Privacy in Telecommunications and Digital Services [TDDDG]. Some of the functions of our website cannot be offered without the use of cookies. For these, it is absolutely necessary that the browser is recognized even after a page change.

c. Data deletion

The cookies are deleted after closing the session.

B. Web analysis

1. Type of data

We use the web analytics programme Matomo for statistical data collection in relation to utilization behaviour; this programme uses cookies and JavaScript to collect various information on your computer and transmit this automatically to us. Every time our website is accessed, our system logs the following data and information from the computer system of the accessing device:

• IP address, anonymized by means of abbreviation
• Two cookies to distinguish between different visitors: pk_id and pk_sess
• Previously visited URL (referrer) if communicated by the browser
• Name and version of the operating system
• Name, version and language setting of the browser.

The following data are collected additionally if JavaScript is activated:

• URLs visited on this website
• Times of page visits
• Type of HTML requests
• Screen resolution and colour depth
• Technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears).

The saving and analysis of data is carried out solely on a central server operated by the MPG.

It goes without saying that you have the opportunity to object to your data being collected. The following independent methods are available to you if you wish to object to data collection by the central server:

1. In your browser, activate the Do-Not-Track setting. As long as this setting is active, our central server will not save any of your data. Important: Do-Not-Track generally only applies to the one device and browser on which the setting is activated. If you use several devices/browsers, you must activate Do-Not-Track separately on each one.
2. Use our opt-out function. Click on the check mark in the following selection box under https://www.mpg.de/datenschutzhinweis/datenerhebung-deaktivieren in order to stop or reactivate data collection. As long as the selection box is deactivated, our central server will not save any of your data. Important: For the opt-out, we have to store a special recognition cookie in your browser. If you delete this or use a different PC/browser, you have to object to data collection once again on this page.

There is no storage of these data together with other personal data relating to the users.

2. Legal basis

The legal basis for the processing of personal data by means of cookies is Art. 6 (1) lit. f GDPR as well as § 25 para. 2 no. 2 TDDDG. The processing of the users' personal data enables us to analyze the usage behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our websites. This helps us improve our websites and their user-friendliness on an ongoing basis. These purposes also constitute our legitimate interest in data processing according to Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 TDDDG. By anonymizing the IP address, the users' interest in the protection of their personal data is sufficiently taken into account.

3. Data deletion

The data are deleted after the final annual totals have been arrived at for access statistics.

C. Measures for the secure use of forms

1. Prevention of the misuse of forms

a. Type of data

To prevent any misuse of forms, the Friendly Captcha function is used. Friendly Captcha serves to exclude mass machine use of the forms offered:

• Newsletter sign-up,
• Contact form,
• Registration for subscription management.

When a form containing Friendly Captcha widget is called up, a puzzle request will be automatically sent from the user´s device. In the course of this process, the following log data is collected by Friendly Captcha:

•  The request headers User-Agent, Origin and Referer.
• The puzzle itself, which contains information about the account and site key it is related to.
•  The version of the widget.
• A timestamp

Friendly Captcha stores an anonymized counter per IP address for dynamic puzzle difficulty on the edge network to detect malicious users and minimize blocking legitimate users. This data is stored entirely separately from the rest of the data and cannot be correlated to specific websites or anything else. We anonymize IP addresses using a one-way hash of certain values so they cannot be personally identified.

Within the use of Friendly Captcha, no other information or personal data, such as your name, email address and online profiles, will be asked for.

b. Legal basis

The legal basis for the processing of personal data by means of Friendly Captcha is Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 TDDDG. Friendly Captcha is used to ensure the functional capability of the forms and prevent their misuse. These purposes also constitute our legitimate interest in data processing according to Art. 6 (1) lit. f GDPR. The use of Friendly Captcha is absolutely necessary in order to operate the mentioned forms. It is therefore not possible for the user to object.

c.Data deletion

The data collected when using Friendly Captcha is anonymized.

2. Securing communication through forms

a. Type of data

To protect the integrity of the data entered into a form while the form is being transmitted, a digital token is retrieved from the MPG servers and transmitted back when the completed form is submitted. The token is not stored on the users’ devices.

The token csrf_token is used to secure the communication through the following forms:

• Newsletter sign-up,
• Contact form,
• Registration for subscription management

b. Legal basis

The legal basis for the data processing is Art. 6 (1) lit. f GDPR as well as § 25, para. 2, no. 2 TDDDG . The token is used to ensure the security of communication through forms and prevent misuse. These purposes also constitute our legitimate interest in data processing according to Art. 6 (1) lit. f GDPR. The use of the token is absolutely necessary in order to operate the mentioned forms. It is therefore not possible for the users to object.

c. Data deletion

The MPG does not store any data when using the token.

D. Data transmission

The management and storage of your personal details is carried out by selected services

• Alphabet (Google Maps & Youtube)
• Amazon
• X

within the scope of commissioned data processing on systems of our service providers.

Your personal data are only transmitted to public institutions and authorities if legally required or for the purpose of criminal prosecution due to attacks on our network infrastructure. The data are not shared with third parties for any other purposes.

E. YouTube

On some pages, our website uses external links to videos on the YouTube platform that are not directly embedded in the pages. The external links are provided with a preview image generated via an API service provided by YouTube.

All YouTube content displayed on this website is subject to YouTube's terms of use. By accessing this content, users of this website accept these terms of use.

YouTube's terms of use can be viewed at the following link:
https://www.youtube.com/t/terms

The data protection declaration (Google PrivacyPolicy) can be accessed at the following link:
https://policies.google.com/privacy?hl=en

F. General details

1. Contact details of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection acts as well as other data protection legislation is the

Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Hofgartenstrasse 8
D-80539 Munich, Germany
Telephone: +49 (89) 2108-0
Contact form: https://www.mpg.de/kontakt/anfragen
Internet: https://www.mpg.de

2. Data Protection Officer's contact details

The controller’s Data Protection Officer can be reached as follows:

Data Protection Officer of the MPG
Hofgartenstrasse 8
D-80539 Munich, Germany
Telephone: +49 (89) 2108-1554
datenschutz@mpg.de

G. Rights of the data subjects

As a data subject whose personal data are collected in the context of the above-mentioned services, you generally have the following rights unless legal exceptions apply in individual cases:

• Information (Article 15 GDPR)
• Correction (Article 16 GDPR)
• Deletion (Article 17 (1) GDPR)
• Restriction of processing (Article 18 GDPR)
• Data transmission (Article 20 GDPR)
• Revocation of processing (Article 21 GDPR)
• Revocation of consent (Article 7 (3) GDPR)
• Right to complain to the regulator (Article 77 GDPR). For the MPG, this is the Bavarian Data Protection Authority (BayLDA), Postfach 1349, 91504 Ansbach, Germany.

H. Newsletter

If you have chosen a personalized service, such as you subscribed to our newsletter service, which will inform you regularly (about 4-5 times a year) about publications, recent research results, events or institute events, your required registration data will be saved. These are usually your e-mail address, surname, and first name as well as your institutional affiliation. Your information will only be used to provide the desired service to your satisfaction and to be able to clarify any queries. If you no longer want to use the newsletter, your personal data will be deleted after your cancellation. If you wish to unsubscribe from a subscribed newsletter, you can either send us an e-mail (presse@ie-freiburg.mpg.de) or cancel it by using the link at the end of each newsletter message. After you have canceled your subscription, your personal data will be deleted.

Technical background of the newsletter:

Newsletter Service provider: For the distribution of the newsletter we use the services of CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. Your data will be transmitted to the service provider CleverReach. CleverReach is prohibited from selling and using your data for purposes other than sending the newsletter. However, CleverReach can handle the data of the recipients in pseudonymous form, i.e. without assignment to a user, and use it to optimize their services (for example, presentation of emails, technical optimization of the distribution process). You can view the privacy policy of CleverReach here: https://www.cleverreach.com/de/datenschutz/. The usage of the newsletter service provider is based on our legitimate interests acc. Art. 6 para. 1 lit. f. GDPR and a contract processing agreement acc. Art. 28 (3) sentence 1 GDPR.

Registration: In order to register for our newsletter, your e-mail address is sufficient. Optionally, we ask you to provide a name as well as your institutional affiliation. The data marked as mandatory in the registration form are required to process your registration. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after signing up on our website, you will receive an e-mail from us asking you to confirm your registration and email address. This way, we make sure that you are the owner of the given e-mail address and agree with to be the receipt of the newsletter. Registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes saving the timestamp of your registration and confirmation as well as your IP address.

reCaptcha: To avoid misuse of the sign up form for the newsletter, we us the reCaptcha feature of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (Privacy Policy: https://www.google.com/policies/privacy/). reCaptcha serves to prevent mass machine use of the contact form by inserting image-based questions which only a human being can answer. reCaptcha is an embedded JavaScript, which establishes a connection to the provider's servers when the contact form is accessed. The provider thereby at least receives information that you have visited the contact form as well as, potentially, other information that your web browser and the device you are utilizing discloses. You can obtain information about the data processing at the provider through a reference on the contact form.

Performance measurement: CleverReach offers evaluation options, whether the newsletter was opened and which links were used. This also includes technical information such as browser information, IP address or time of retrieval. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our goal nor that of the newsletter service provider CleverReach to observe individual users. The evaluation options serve us to recognize the reading habits and helps us to adapt our contents to provide the desired service to your satisfaction.

By subscribing to our newsletter via the double-opt-in procedure, you agree to the receive our newsletter and to the procedures described.

I. Integration of external services

Also, the integration of external services such as Google Maps for route maps, Amazon Cloud or X (former twitter) is always undertaken in a considerate manner and with the aim of making your visit on our websites as pleasant as possible. We must advise you, however, that your IP address and perhaps other data related to your person will be transmitted to the service provider concerned (Google, Amazon etc.) and may be stored or analyzed there.

Amazon Cloud
To embed videos we are using the Amazon Cloud of the provider, Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA. Privacy Policy: https://aws.amazon.com/en/privacy/.
Google Maps
We include maps from the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/.
X
Our website also includes features and content of X (former twitter) offered by the X Internet Unlimited Company., Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND. For this, e.g. contents such as pictures, videos or texts, and buttons by which users view contents of the MPI IE account or can interact (like) with are used (X widget). If the users are members of the platform X, X can assign contents viewed to the profiles of the users. When using X or viewing the X widget on our website, personal information is collected by X. Information about which data is collected, processed and used by X, please see the X privacy policy: https://x.com/en/privacy. X does not provide the personal data collected by X to the MPI-IE.

All services mentioned here, adhere to the principles of the EU-U.S. Data Privacy Framework (https://www.dataprivacyframework.gov/) for the collection, use, transfer, and storage of personal data from the European Union, thereby providing a European-level guarantee to comply with data protection law.

J. Online presence in social media

The MPI of Immunobiology and Epigenetics maintains accounts within social networks (currently: X/Twitter, LinkedIn, Facebook & Instagram, Bluesky & Mastodon, Xing) to communicate with those who are interested in our work and to inform them about our research topics and events. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines of the respective platforms (currently: X/Twitter, LinkedIn, Facebook & Instagram, Bluesky & Mastodon, XING) apply.

Unless otherwise stated in our privacy policy, we only process user data as long as we communicate with users within social networks and platforms, e.g. Write posts on our online presence or send us messages. All services mentioned here, adhere to the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/list) for the collection, use, transfer, and storage of personal data from the European Union, thereby providing a European-level guarantee to comply with data protection law. 

Here we have compiled the legally required information on data processing in accordance with Art. 14 GDPR.