International tree mortality network

Privacy

Data protection information

The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data gathered when visiting our websites in compliance with applicable data protection legislation. We neither publish your data nor transmit them to third parties on an unauthorized basis.

In the following section, we explain which data we record when you visit one of our websites, and exactly how they are utilized:

A. General information

1. Scope of data processing

As a matter of principle, we gather and utilize users’ personal data only to the extent required to ensure the functioning of our website and of our contents and services. The gathering and utilization of our users’ personal data normally occurs after users have granted their consent. An exception occurs where data processing is legally permitted.

2. Legal basis of data processing

To the extent that permission of the affected individual is obtained for the processing of personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the processing of personal data to fulfil a contract whose contractual party is the individual affected, Article 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing required to implement pre-contractual measures.

If processing is required to safeguard the justified interest of the MPG or a third party and the interests, basic rights and basic freedoms of the affected individual do not outweigh the first-mentioned interest, Article 6 (1) lit. f GDPR serves as the basis for such processing.

3. Data deletion and storage duration

The affected individual’s personal data are deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can also occur if provided for by European or national legislators in EU regulations, acts or other legislation to which the MPG is subject. A blocking or deletion of data then occurs only if a storage period prescribed by one of the aforementioned norms expires, unless a necessity exists in relation to the further storage of the data for the arrangement of a contract or the fulfilment of a contract.

4. Contact details of the individuals responsible

The entity responsible in the meaning of the General Data Protection Regulation and other national data protection acts as well as other data protection legislation is the

Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Hofgartenstrasse 8
D-80539 Munich
Telephone: +49 (89) 2108-0
Contact form: https://www.mpg.de/contact/requests
Internet: https://www.mpg.de

5. Data Protection Officer’s contact details

The Data Protection Officer at the entity responsible is

Heidi Schuster
Hofgartenstrasse 8
D-80539 Munich
Telephone: +49 (89) 2108-1554
E-mail: datenschutz@mpg.de

B. Provision of the website and creation of log files

Each time you visit our website, our service and applications automatically record data and information from the computer system of the visiting computer.

The following data are gathered temporarily:

  • Your IP address
  • Date and time of your access to the website
  • Address of the page visited
  • Address of the previously visited website (referrer)
  • Name and version of your browser/operating system (if transmitted)

These data are stored in our systems’ log files. These data are not stored together with the user’s other personal data.

The legal basis for the temporary saving of data and log files is Article 6 (1) lit. f GDPR. Storage occurs in log files in order to ensure the website’s functionality. The data also help us optimize the websites, eliminate malfunctions and ensure our IT system security. Our justified interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.

The data are deleted as soon as they are no longer required to achieve the purpose for which they were gathered. If data are gathered for the provision of the website, this is the case if the respective visit is ended. In the instance that data are stored in log files, this is the case after seven days at the latest. Storage above and beyond this period is possible. In this case, the users’ IP addresses are deleted or removed so they can no longer be allocated to the visiting client.

The recording of data for the provision of the website and the storage of data in log files is essential to operate the website. As a consequence, users do not have an option to revoke such data recording.

C. Web analysis

This WordPress site uses a number of plugins to. Here we provide an overview of these plugins, and what data they use.

iThemes Security

Security Logs

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

A QR code image is generated for users that set up two-factor authentication for this site. This image is generated using an iThemes hosted API. As part of generating this image, your username is sent to the API. This data is not logged. For privacy policy details, please see the iThemes Privacy Policy.

This site is scanned for potential malware and vulnerabilities by the iThemes Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.

Security logs are retained for 60 days.

Where we send your data
This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by ithemes.com. For privacy policy details, please see the iThemes Privacy Policy.

Complianz | The Privacy Suite for WordPress

This website uses the Privacy Suite for WordPress by Complianz to collect and record Browser and Device-based Consent. For this functionality, your IP address is anonymized and stored in our database. This service does not process any personally identifiable information and does not share any data with the service provider. For more information, see the Complianz Privacy Statement.

Forminator Forms

What personal data do we collect and why?
When visitors or users submit a form, we capture the IP Address for spam protection. We also capture the email address and might capture other personal data included in the Form fields.

By default Forminator retains all form submissions forever. 

All collected data might be shown publicly and we send it to our workers or contractors to perform necessary actions based on the form submission.

The legal basis for the processing of personal user data is Art. 6 para. 1 lit. f GDPR. By processing personal user data, we are able to analyse our users’ utilization behaviour. Analysis of the data collected enables us to compile information on the use of the individual components of our web pages. This helps us improve our websites and their user-friendliness on an ongoing basis. These purposes also constitute our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR. Anonymizing the IP address means that user behaviour can no longer be attributed to a specific person.

The data is deleted after the final annual totals have been arrived at for access statistics.

It goes without saying that you have the opportunity to object to your data being collected. The following independent methods are available to you if you wish to object to data collection by the central server:

  1. In your browser, activate the Do-Not-Track setting. If this setting is active, our central server does not save any of your data. Important: Do-Not-Track generally only applies to the one device and browser on which the setting is activated. If you use several devices/browsers, you must activate Do-Not-Track separately on each one.
  2. Use our opt-out function. If the selection box is deactivated, our central server does not save any of your data. Important: For the opt-out, we have to store a special recognition cookie in your browser. If you delete this or use a different PC/browser, you have to object to data collection once again on this page.

There is no storage of this data together with other personal data relating to the user.

D. Use of cookies

Our website uses cookies. Cookies are text files which are saved in or by the internet browser in the user’s computer system. If a user accesses a website, a cookie can be saved on the user’s operating system. This cookie contains a characteristic string of characters which enables definitive identification of the browser the next time the website is accessed.

Please check our Cookie Policy for all details.

E. Contact form

On our website there is a contact form which can be used to make contact electronically. If a user makes use of this option, the details entered in the input screen are transmitted to us and saved. This generally consists of your email address, last name and first name. We inform you about the concrete processing of your data in the course of the operation and obtain your consent accordingly. There is also a reference to this Data Protection Statement. The data is used solely for processing the dialogue.

The function Google reCAPTCHA is used in order to avoid misuse of the form. reCAPTCHA serves to prevent any automatic mass use of the contact form in that visual questions appear which can only be answered by a human being. reCAPTCHA is an embedded JavaScript which establishes a connection with the provider’s servers when the contact form is accessed. This at least supplies the provider with the information that you have visited the contact form, potentially also additional information revealing your web browser and the device you are using. You can find out details from a reference to data processing by the provider that is included in the contact form.

The legal basis for processing data in connection with use of the contact form is the existence of the user’s consent according to Art. 6 para. 1 lit. a GDPR. Processing of personal data from the input screen serves the sole purpose of processing the contact request. The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. This is the case when the relevant dialogue with the user is finished or the user’s request has been dealt with. The dialogue is finished when circumstances indicate that the matter in question has been conclusively clarified. The user can withdraw their consent to the processing of personal data vis-à-vis the contact partners listed at any time.

The legal basis for the processing of data by reCAPTCHA is Art. 6 para. 1 lit. f GDPR. reCAPTCHA is used to ensure the functional capability of the contact form and prevent its misuse. These purposes also constitute our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR. The use of reCAPTCHA is absolutely necessary in order to operate the contact form. It is therefore not possible for the user to object.

F. Registration

On our web pages we offer users the opportunity to register by entering personal data via an input screen. Generally speaking, we ask for your email address, last name and first name. We inform you about the concrete processing of your data in the course of the registration operation and obtain your consent accordingly. There is also a reference to this Data Privacy Statement.

The legal basis for processing data is the existence of the user’s consent according to Art. 6 para. 1 lit. a GDPR. If registration serves to fulfil a contract of which the user is a contractual party or to implement pre-contractual measures, the additional legal basis for data processing is Art. 6 para. 1 lit. b GDPR. It is necessary to register the user in order to be able to provide certain content and services on our website, fulfil a contract with the user or implement pre-contractual measures. The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. This applies to the data collected during the registration operation if registration on our websites is withdrawn or altered. It applies to the registration operation to fulfil a contract or to implement pre-contractual measures if the data is no longer required in order to implement the contract. It may also be necessary to save the contractual partner’s personal data after conclusion of the contract in order to meet contractual or statutory requirements.

As a user, you can withdraw registration at any time. You can have the data relating to you altered at any time; the procedure is described in detail during the actual registration operation. If the data is required to fulfil a contract or implement pre-contractual measures, premature deletion of the data is only possible if this is not prevented by contractual or statutory obligations.

G. Data transmission

The management and storage of your personal details is carried out by selected services

  • Contact form (Section E)
  • Registration for registration management (Section F)

in the context of order processing, on the system of selected providers for content management and communication software.

Your personal data is only transmitted to public institutions and authorities if legally required or for the purpose of criminal prosecution due to attacks on our network infrastructure. The data is not shared with third parties for any other purposes.

I. YouTube Terms of Use

https://www.mpg.de integrates YouTube videos on some pages. The YouTube “Terms of Use” can be viewed at the following link: https://www.youtube.com/static?template=terms

J. Rights of individuals affected

As an individual whose personal data are gathered as part of the aforementioned services, you have, in principle, the following rights, to the extent that no legal exceptions are applicable in individual cases:

  • Information (Article 15 GDPR)
  • Correction (Article 16 GDPR)
  • Deletion (Article 17 (1) GDPR)
  • Restriction of processing (Article 18 GDPR)
  • Data transmission (Article 20 GDPR)
  • Revocation of processing (Article 21 GDPR)
  • Revocation of consent (Article 7 (3) GDPR)
  • Right to complain to the regulator (Article 77 GDPR). For the MPG, this is the Bavarian Data Protection Authority (BayLDA), Postfach 1349, 91504 Ansbach, Germany.