Privacy Notice

Privacy Notice

The following provides mandatory data concerning obligations with regard to data protection, as well as other important legal references involving the Internet site of the Max Planck Institute of Immunobiology and Epigenetics (www.ie-freiburg.mpg.de) as required by German law.

The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data gathered when visiting our websites in compliance with applicable data protection legislation. We neither publish your data nor transmit them to third parties on an unauthorized basis. In the following section, we explain which data we record when you visit one of our websites, and exactly how they are utilized:

A. General information

1. Scope of data processing

As a matter of principle, we gather and utilize users' personal data only to the extent required to ensure the functioning of our website and of our contents and services. The gathering and utilization of our users' personal data normally occurs after users have granted their consent. An exception occurs where data processing is legally permitted.

2. Legal basis of data processing

To the extent that permission of the affected individual is obtained for the processing of personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the processing of personal data to fulfil a contract whose contractual party is the individual affected, Article 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing required to implement pre-contractual measures.

If processing is required to safeguard the justified interest of the MPG or a third party and the interests, basic rights and basic freedoms of the affected individual do not outweigh the first-mentioned interest, Article 6 (1) lit. f GDPR serves as the basis for such processing.

3. Data deletion and storage duration

The affected individual's personal data are deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can also occur if provided for by European or national legislators in EU regulations, acts or other legislation to which the MPG is subject. A blocking or deletion of data then occurs only if a storage period prescribed by one of the aforementioned norms expires, unless a necessity exists in relation to the further storage of the data for the arrangement of a contract or the fulfilment of a contract.

4. Contact details of the individuals responsible

The entity responsible in the meaning of the General Data Protection Regulation and other national data protection acts as well as other data protection legislation is the

Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Hofgartenstrasse 8
D-80539 Munich
Telephone: +49 (89) 2108-0

Contact form: https://www.mpg.de/kontakt/anfragen
Internet: https://www.mpg.de 

5. Data Protection Manager's contact details

The Data Protection Manager at the entity responsible is

Heidi Schuster
Hofgartenstrasse 8
D-80539 Munich
Telephone: +49 (89) 2108-1554

B. Provision of the website and creation of log files

Each time you visit our website, our service and applications automatically record data and information from the computer system of the visiting computer.

The following data are gathered temporarily:

  • Your IP address
  • Date and time of your access to the website
  • Address of the page visited
  • Address of the previously visited website (referrer)
  • Name and version of your browser/operating system (if transmitted)

These data are stored in our systems' log files. These data are not stored together with the user's other personal data.

The legal basis for the temporary saving of data and log files is Article 6 (1) lit. f GDPR. Storage occurs in log files in order to ensure the website's functionality. The data also help us optimize the websites, eliminate malfunctions and ensure our IT system security. Our justified interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.

The data are deleted as soon as they are no longer required to achieve the purpose for which they were gathered. If data are gathered for the provision of the website, this is the case if the respective visit is ended. In the instance that data are stored in log files, this is the case after seven days at the latest. Storage above and beyond this period is possible. In this case, the users' IP addresses are deleted or removed so they can no longer be allocated to the visiting client.

The recording of data for the provision of the website and the storage of data in log files is essential to operate the website. As a consequence, users do not have an option to revoke such data recording.

C. Web analysis

For the statistical data recording of utilization behaviour, we deploy the Matomo web analysis program (formerly: Piwik), which utilizes cookies and JavaScript to collect various information on your computer and transmit it to us automatically. Each time you visit our websites, our system records the following data and information from the visiting computer's computer system:

  • IP address, anonymized by shortening
  • Two cookies to differentiate different visitors (pk_id and pk_sess)
  • Previously visited URL (referrer), if communicated by the browser
  • Name and version of the operating system
  • Name, version and language setting of the browser

Additionally, if JavaScript is activated:

  • URLs visited on this website
  • Times at which pages are visited
  • Type of HTML queries
  • Screen resolution and colour depth
  • Formats and techniques supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, RealPlayer, Director, SilverLight, Google Gears)

Data are stored and evaluated exclusively on a central server operated by MPG. Along with the central www.mpg.de website, it is utilized by most Max Planck institutes and many of the project websites allocated to MPG.

The legal basis for the processing of users' personal data is Article 6 (1) lit. f GDPR. Processing of users' personal data enables us to analyze our users' utilization behaviour. The evaluation of the data we obtain enables us to aggregate information about the utilization of our websites' individual components. This helps us constantly improve our websites and their user-friendliness. Our justified interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes. The anonymization of the IP address sufficiently takes into consideration users' interest in the protection of their personal data.

The data are deleted after the formation of the conclusive annual sums for access statistics.

It goes that saying that you are able to revoke data gathering. You have the following independent possibilities to revoke data recording by the central server:

  1. In your browser, activate the do-not-track or do-not-follow settings. If these settings are active, our central server will not store any data relating to you. Important: The do-not-track instruction generally applies only for the device and browser in which you activate the setting. If you utilize several devices/browsers, you will need to separately activate do-not-track in all relevant locations.
  2. Utilize our opt-out function. Click the following selection box  https://www.mpg.de/privacy-policy/data-collection-opt-out in order to stop data recording or to reactivate it. If the selection box is deactivated, our central server will not store any data about you. Important: For the opt-out, we have to store a special recognition cookie in your browser. If you delete it or utilize another PC/browser, you will need to revoke data recording again on this page.

These data are not stored together with the user's other personal data.

D. Utilization of cookies

Our website utilizes cookies. Cookies are text files stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a sequence of characters enabling the browser to be clearly identified when visiting the website again.

We deploy cookies to make our website more user-friendly. Some elements of our website also technically require the identification of the visiting browser after a change of page. The following data are saved and transmitted in the cookies:

  • Language settings (localization) of the browser: session cookie i18next
  • Session data (click path, pages visited, current language, and, where relevant, error messages for forms: session cookie MPG_session_r

Both cookies are deleted when the session is closed.

The legal basis for personal data processing while utilizing cookies is Article 6 (1) lit. f GDPR. The purpose of utilizing technically necessary cookies is to simplify the utilization of websites for users. Some of our website's functions cannot be offered without the utilization of cookies. For these, it is necessary that the browser can also be re-identified following a change of page. We require cookies for the following applications:

  • Transferring the browser's language setting: automatic selection of the homepage and spelling
  • Noting of form data entered: terms and entries in the contact form utilized in searches within the website (section F)

User data gathered by technically necessary cookies are not utilized to prepare user profiles. Our justified interest in personal data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.

Cookies are stored on the user's computer, which transmits them to our site. For this reason, you, as the user, also have full control over the utilization of cookies. You can deactivate or restrict the transmission of cookies through changing your Internet browser settings. Cookies that have already been saved can be deleted at any time. This can also occur automatically. If cookies for our website are deactivated, you may find not all of the website's functions can continue to be utilized in full.

In addition, we also utilize cookies on our website to enable users' utilization behaviour to be analyzed. For more information on this topic, please refer to the information provided under C.

E. Newsletter

If you have chosen a personalized service, such as you subscribed to our newsletter service, which will inform you regularly (about 4-5 times a year) about publications, recent research results, events or institute events, your required registration data will be saved. These are usually your e-mail address, surname, and first name as well as your institutional affiliation. Your information will only be used to provide the desired service to your satisfaction and to be able to clarify any queries. If you no longer want to use the newsletter, your personal data will be deleted after your cancellation. If you wish to unsubscribe from a subscribed newsletter, you can either send us an e-mail (presse@ie-freiburg.mpg.de) or cancel it by using the link at the end of each newsletter message. After you have canceled your subscription, your personal data will be deleted.

Technical background of the newsletter:

Newsletter Service provider: For the distribution of the newsletter we use the services of CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. Your data will be transmitted to the service provider CleverReach. CleverReach is prohibited from selling and using your data for purposes other than sending the newsletter. However, CleverReach can handle the data of the recipients in pseudonymous form, i.e. without assignment to a user, and use it to optimize their services (for example, presentation of emails, technical optimization of the distribution process). You can view the privacy policy of CleverReach here: https://www.cleverreach.com/de/datenschutz/. The usage of the newsletter service provider is based on our legitimate interests acc. Art. 6 para. 1 lit. f. GDPR and a contract processing agreement acc. Art. 28 (3) sentence 1 GDPR.

Registration: In order to register for our newsletter, your e-mail address is sufficient. Optionally, we ask you to provide a name as well as your institutional affiliation. The data marked as mandatory in the registration form are required to process your registration. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after signing up on our website, you will receive an e-mail from us asking you to confirm your registration and email address. This way, we make sure that you are the owner of the given e-mail address and agree with to be the receipt of the newsletter. Registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes saving the timestamp of your registration and confirmation as well as your IP address.

reCaptcha: To avoid misuse of the sign up form for the newsletter, we us the reCaptcha feature of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (Privacy Policy: https://www.google.com/policies/privacy/). reCaptcha serves to prevent mass machine use of the contact form by inserting image-based questions which only a human being can answer. reCaptcha is an embedded JavaScript, which establishes a connection to the provider's servers when the contact form is accessed. The provider thereby at least receives information that you have visited the contact form as well as, potentially, other information that your web browser and the device you are utilizing discloses. You can obtain information about the data processing at the provider through a reference on the contact form.

Performance measurement: CleverReach offers evaluation options, whether the newsletter was opened and which links were used. This also includes technical information such as browser information, IP address or time of retrieval. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our goal nor that of the newsletter service provider CleverReach to observe individual users. The evaluation options serve us to recognize the reading habits and helps us to adapt our contents to provide the desired service to your satisfaction.

By subscribing to our newsletter via the double-opt-in procedure, you agree to the receive our newsletter and to the procedures described.

F. Integration of external services

Also, the integration of external services such as Google Maps for route maps, Youtube, Amazon Cloud or twitter is always undertaken in a considerate manner and with the aim of making your visit on our websites as pleasant as possible. We must advise you, however, that your IP address and perhaps other data related to your person will be transmitted to the service provider concerned (Google, Amazon etc.) and may be stored or analyzed there.

Amazon Cloud
To embed videos we are using the Amazon Cloud of the provider, Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA. Privacy Policy: https://aws.amazon.com/en/privacy/.

Youtube
To embed videos, we use services of the YouTube platform of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/.

Google Maps
We include maps from the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/.

Twitter
Our website also includes features and content of the Twitter offered by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For this, e.g. contents such as pictures, videos or texts, and buttons by which users view contents of the MPI IE account or can interact (like) with are used (Twitter widget). If the users are members of the platform Twitter, Twitter can assign contents viewed to the profiles of the users. When using Twitter or viewing the Twitter widget on our website, personal information is collected by Twitter. Information about which data is collected, processed and used by Twitter, please see the Twitter privacy policy: https://twitter.com/privacy. Twitter does not provide the personal data collected by Twitter to the MPI-IE.

All services mentioned here, adhere to the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/list) for the collection, use, transfer, and storage of personal data from the European Union, thereby providing a European-level guarantee to comply with data protection law.

G. Online presence in social media

The MPI for Immunobiology and Epigenetics maintains accounts within social networks (currently: Twitter and LinkedIn) to communicate with those who are interested in our work and to inform them about our research topics and events. When calling the respective networks and platforms, the terms and conditions and the data processing guidelines of the respective platforms (currently: Twitter and LinkedIn) apply.

Unless otherwise stated in our privacy policy, we only process user data as long as we communicate with users within social networks and platforms, e.g. Write posts on our online presence or send us messages.

Twitter
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, Privacy Policy: https://twitter.com/privacy

Facebook 
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland), Privacy Policy: https://www.facebook.com/about/privacy/

LinkedIn
LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 94085, Privacy Policy: https://www.linkedin.com/legal/privacy-policy

These social network do not provide the personal data collected to the MPI-IE.

All services mentioned here, adhere to the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/list) for the collection, use, transfer, and storage of personal data from the European Union, thereby providing a European-level guarantee to comply with data protection law.

H.    Rights of individuals affected

As an individual whose personal data are gathered as part of the aforementioned services, you have, in principle, the following rights, to the extent that no legal exceptions are applicable in individual cases:

  • Information (Article 15 GDPR)
  • Correction (Article 16 GDPR)
  • Deletion (Article 17 (1) GDPR)
  • Restriction of processing (Article 18 GDPR)
  • Data transmission (Article 20 GDPR)
  • Revocation of processing (Article 21 GDPR)
  • Revocation of consent (Article 7 (3) GDPR)
  • Right to complain to the regulator (Article 77 GDPR). For the MPG, this is the Bavarian Data Protection Authority (BayLDA), Postbox 606, 91511 Ansbach.

View imprint

 
Go to Editor View
loading content