MPI TAX

Data Protection

Data protection information

The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data collected during visits to our website, observing the currently valid provisions under data protection law as amended.  We neither publish your data nor transmit them to third parties unauthorized. In the following section, we explain which data we record when you visit one of our websites, and exactly how they are utilized:

A.    General information

 1.    Scope of data processing
We only ever collect and use personal data to the extent required in order to provide a functional website which presents as well as our content and services. The collection and utilization of our users' personal data is carried out regularly based on with the users' consent. An exception applies in instances where processing of the data is permitted by statutory provisions.

 2.    Legal basis of data processing

If we obtain the consent of the data subject to carry out personal data processing, the legal basis is Article 6, para. 1, lit. a EU General Data Protection Regulation (GDPR).

When it is necessary to process personal data in order to fulfil a contract whose contractual party the data subject is, the legal basis is Article 6, para. 1, lit. b GDPR. This also applies to processing operations required in order to implement pre-contractual measures.

If processing is required in order to safeguard a legitimate interest of the MPG or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject override the first-mentioned interest, the legal basis for processing is Article 6, para. 1, lit. f GDPR.

 

 3.    Data deletion and storage duration
The personal data of the data subject is erased or blocked as soon as the purpose of storage no longer applies. Data can also be stored if this is required under European or national legislation in EU directives, laws or other provisions to which the MPG is subject. Data is also blocked or erased if the retention period prescribed by the above-mentioned legislation expires, unless the data is required to be stored for longer for the purpose of concluding or performing a contract.

 4.    Contact details of the individuals responsible
The controller as defined by the EU General Data Protection Regulation (GDPR) as well as other data protection laws and provisions under data protection legislation is:
Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Hofgartenstrasse 8
D-80539 Munich
Telephone: +49 (89) 2108-0
Contact form: www.mpg.de/kontakt/anfragen
Internet: www.mpg.de

 5.    Data Protection Manager's contact details
The controller´s Data Protection Manager is
Heidi Schuster
Hofgartenstrasse 8
D-80539 Munich
Telephone: +49 (89) 2108-1554
datenschutz@mpg.de

B.    Provision of the website and creation of log files

Every time our website is accessed, our servers and applications automatically log data and information from the accessing computer system.

The following data are gathered temporarily:
•    Your IP address
•    Date and time of your access to the website
•    Address of the page visited
•    Address of the previously visited website (referrer)
•    Name and version of your browser/operating system (if transmitted)

These data are stored in our systems' log files. These data are not stored together with other personal data relating to the user.

The legal basis for the temporary saving of data and logfiles is Article 6, para. 1, lit. f GDPR. Data is saved in log files in order to ensure the functional capability of the websites. In addition, the data serves to optimize the websites, eliminate faults and ensure the security of our IT system. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR.
The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. In the case of the collection of the data for the purpose of providing the website, this applies when the session in question is finished. In the case of saving data in logfiles, this applies after a maximum of seven days.

Data collection for the purpose of providing the website and the saving of data in log files are absolutely necessary in order to operate the website. It is therefore not possible for the user to object.

C.    Web analysis

We use the web analytics programme Matomo (formerly: Piwik), for the statistical data collection in relation to utilization behavior; this programme uses cookies and JavaScript to collect various information on your computer and transmit this automatically to us. Every time our website is visited, our system logs the following data and information from the accessing computer system:
•    IP address, anonymized by shortening
•    Two cookies to differentiate different visitors (_pk_id and _pk_ses)
•    Previously visited URL (referrer), if communicated by the browser
•    Name and version of the operating system
•    Name, version and language setting of the browser

Additionally, if JavaScript is activated:
•    URLs visited on this website
•    Times at which pages are visited
•    Type of HTML queries
•    Screen resolution and colour depth
•    Technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, Realplayer, Director, SilverLight, Google Gears)

Data is stored and evaluated exclusively on a central server operated by the Max-Planck-Institute for Tax Law and Public Finance.

The legal basis for the processing of users' personal data is Article 6, para. 1, lit. f GDPR. By processing personal user data we are able to analyse our users' utilization behaviour. Analysis of the data collected enables us to compile information on the use of the individual components of our web pages. This helps us improve our websites and their user-friendliness on an ongoing basis. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR. The anonymization of the IP address sufficiently meets the users´interest in the protection of their personal data.

The data is deleted after the final annual totals have been arrived at for access statistics.

Of course, you have the opportunity to object to your data being collected. The following independent methods are available to you if you wish to object to data collection by the central server:

1. In your browser, activate the do-not-track settings. If this setting is active, our central server does not save any of your data. Important: Do-not-track generally only applies to the one device and browser on which the setting is activated. If you use several devices/browsers, you must activate do-not-track separately on each one.

2. Utilize our opt-out function. Click the selection box in order to stop data recording or to reactivate it. If the selection box is deactivated, our central server does not store any of your data. Important: We have to save a special recognition cookie in your browser for the opt-out function. If you delete this or use a different PC/browser, you have to object to data collection once again on this page.

This data is not saved together with other personal data relating to the user.

D.    Use of cookies

Our website uses cookies. Cookies are text files which are saved in or by the internet browser in the user's computer system. If a user accesses a website, a cookie can be saved on the user's operating system. This cookie contains a characteristic string of characters, which enables definitive identification of the browser the next time the website is accessed.

We use cookies in order to make our website more user-friendly. It is a technical requirement of certain elements of our website that the accessing browser can also be identified after a page change.
The legal basis for the processing of personal data by means of cookies is Article 6, para. 1, lit. f GDPR and § 25 para. 2 no. 2 TTDSG. Some of the functions of our website cannot be offered without the use of cookies. For these to work, the browser absolutely has to be recognized after a page change. We require cookies for the following applications:

•    Web analytics: pk_ref , _pk_cvar , _pk_ses und _pk_id
•    Cookie consent: dp_cookieconsent_status und cookieconsent_status
•    Login in to the guest and the PhD programmes: ASP.NET_SessionId und .ASPXAUTH
•    Login into the extranet

The user data collected by technically required cookies is not used to create user profiles.

Cookies are saved on the user's computer and transmitted by the latter to our website. For this reason, you as the user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. Cookies, which have already been saved can be deleted at any time. This can also happen on an automated basis. If cookies our deactivated for our website, the full range of functions of the website may not be entirely available for use.

On our website we also use cookies that enable analysis of utilization behaviour. For details, please read the information under C.

E.    Contact form

On our website there is a contact form which can be used to make contact electronically. If a user makes use of this option, the data entered in the details entered in the input screen are transmitted to us, and saved. This generally consists of your e-mail address, last name and first name. We inform you about the concrete processing of your data in the course of the operation and obtain your consent accordingly. There is also a reference to this Data Protection Information. The data is used solely for processing the dialogue.

The legal basis for processing data in connection with use of the contact form is existence of the user's consent according to Article 6, para. 1, lit. a GDPR. Processing of personal data from the input screen serves the sole purpose of processing the contact request.  The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. This is the case when the relevant dialogue with the user is finished or the user's request has been dealt with. The dialogue is finished when circumstances indicate that the matter in question has been conclusively clarified. The user can withdraw their consent to the processing of personal data vis-à-vis the contact partners listed at any time.

F.    Registration as part of a funding application

The tax.mpg.de website offers users the opportunity to register with the MPG so that they can apply for funding. This involves entering personal data in an input mask. In this process, data are recorded that are necessary for the award-of-funding process. These are title, given and family name, together with contact details (address, email address, telephone), the focus of the research work, desired duration of stay, language skills, educational qualifications, other qualifications and training, application documents (CV, certificates, letters of recommendation, project description, photo (optional)), date of birth and information about additional income. We will inform you of exactly how these data will be processed during the registration process and ask you for your consent. In addition, reference will be made to this Data Protection Information.

The legal basis for processing data is the existence of the user´s consent according to Article 6, para. 1, lit. a GDPR. If registration serves to implement funding where the user is a party involved, or to carry out precontractual measures, an additional legal basis for the data processing is Article 6, para. 1, lit. b GDPR. It is necessary to register the user in order to be able to provide certain content and services on our website and/or to perform a contract with the user or to carry out precontractual measures, it is necessary for the user to be registered. The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. Where a registration is made for an application for funding or where precontractual measures are carried out, this is the case once the data is  no longer necessary for the application or the implementation of this and subsequent applications. Contractual or statutory obligations may require the contract partner’s personal data to be stored even after the funding has been concluded.

As a user, you can withdraw registration at any time. You can have the data relating to you altered at any time; the procedure is described in detail during the actual registration operation. If the data is  required to fulfil a contract or implement pre-contractual measures, premature deletion of the data is only possible if this is not prevented by contractual or statutory obligations.

G.    Online job applications

If you apply for a job with us only, a separate data protection notice applies. This can be found at the respective page of the job application portal.

H.    Data transmission

The management and storage of your personal details is carried out by selected services:

•    Contact Form (Section E)
•    Registration for the guest or the PhD programme (Section F)
•    Email information services (Section J)

Your personal data will only be transmitted to public institutions and authorities if legally required or for the purpose of criminal prosecution due to attacks on our network infrastructure. The data is not shared with third parties for any other purposes.

I.    Rights of individuals affected

As a data subject whose personal data is collected in connection with the above-mentioned services, you have the following fundamental rights unless legal exceptions apply in individual cases:
•    Access (Article 15 GDPR)
•    Rectification (Article 16 GDPR)
•    Erasure (Article 17, para. 1 GDPR)
•    Restriction of processing (Article 18 GDPR)
•    Data portability (Article 20 GDPR)
•    Objection to processing (Article 21 GDPR)
•    Withdrawal of consent (Article 7, para. 3 GDPR)
•    Rights to lodge a complaint with a supervisory authority (Article 77 GDPR). For the MPG, this is BayLDA (Bavarian Data Protection Authority), Postbox 1349, 91504 Ansbach.

J.    Email Information Services

The tax.mpg.de website allows you to subscribe to our free email information services such as the newsletter or information on our events. When you register, we receive the data entered in the form. As a rule, this means your email address and your first and last name. We inform you during the registration process of how exactly this data will be processed, and ask for your consent. In addition, reference is made to this data protection declaration. The data will be used exclusively for the purpose indicated.

The legal basis for the processing of the data after the user has registered for the newsletter is the user’s consent, according to Article 6, para. 1, lit. a GDPR. The data is recorded in order to enable us to provide you with the information requested. The data is deleted once it is no longer necessary to achieve the purpose for which it was collected. Accordingly, the user’s email address is stored as long as the subscription is active.

The Institute uses rapidmail to send the newsletter and event invitations by email. Your data will therefore be transmitted to rapidmail GmbH. It is prohibited for rapidmail GmbH to use your data for purposes other than sending the Institute’s emails. rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a German, certified newsletter software provider which has been carefully selected in accordance with the requirements of the GDPR and the BDSG.

You can revoke your consent to the storage of the data and its use for email delivery at any time. For the newsletter and the event invitations, this can be done via an unsubscribe link in the message or via informal email (subscription@tax.mpg.de). The data will be deleted within 30 days.