ATTO - Policy

Data protection declaration

Last update: 23.05.2018

 

The Max Planck Society for the Advancement of Science e.V. (registered society) takes the protection of your personal data very seriously. In this data protection information we inform you about the most important aspects of data processing in the context of the use of the ATTO data management system. The ATTO data portal is based on the data management platform BEXIS 2.

 

A. General information

1. Contact details of the person responsible for data processing

The Max Planck Society for the Advancement of Science e.V. is responsible within the meaning of the EU General Data Protection Regulation (GDPR) and other data protection regulations. (MPG) Hofgartenstraße 8, 80539 Munich, phone: +49 (89) 2108-0, www.mpg.de

 

2. Contact data of the data protection officer

The data protection officer of the responsible society is Heidi Schuster, Hofgartenstraße 8, 80539 Munich, phone: +49 (89) 2108-1554, e-mail: datenschutz@mpg.de

 

3. Scope of data processing

We only collect and use personal user data to the extent necessary to provide a functional website as well as our content and services. The collection and use of personal data of our users takes place regularly with the consent of the users. An exception applies in such cases in which the processing of the data is permitted by legal regulations.
The personal data entered by you in the ATTO data portal will be stored and processed exclusively for the purpose of data management of scientifically collected data of the ATTO project.

Fields marked with * are mandatory fields which are required for registration in the data management system. If you do not provide us with this information, you will not be able to sign in to the data management system. The legal basis for processing is Art. 6 § 1 lit. f) GDPR (balancing of interests).

Fields not marked with an * can be filled in voluntarily. By filling in the voluntary fields you give us your consent to store and process this data exclusively for the purpose of user administration of the data management system. In these cases, the legal basis for processing is article 6(1)(a) DSBER (consent of the data subject).

 

4. Data deletion and storage times

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by European or national legislators in EU regulations, laws or other regulations to which the MPG is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

 

5. Your rights

Once you create a dataset and depending on the Metadata you Via your personal access to the data management system you can view, change or delete your entered data at any time. Your access is protected by your own login name and a password of your choice.

In principle, you have the rights to information (Art. 15 GDPR), correction (Art. 16 GDPR), deletion (Art. 17 § 1 GDPR), processing restrictions (Art. 18 GDPR), data transferability (Art. 20 GDPR) and revocation of consent (Art. 7 § 3 GDPR).

To assert your rights, please contact the
Max Planck Institute for Biogeochemistry
Hans Knöll STR. 10
07745 Jena, Germany
Phone: +49 (0)3641 57 - 60, https://www.bgc-jena.mpg.de/

If you believe that the processing of your personal data violates data protection law or your data protection claims have otherwise been violated in any way, please contact the data protection officer of the Max Planck Society at datenschutz@mpg.de. The supervisory authority responsible for the Max Planck Society is the Bavarian Data Protection Authority, P.O. Box 606, 91511 Ansbach.

 

B. Provision of the website and creation of log files

Every time the website is accessed, our server and applications automatically collect data and information from the computer system of the calling computer.
The following data will be collected temporarily:

• Date of access
• Name of the operating system installed on the accessing device
• Name of the browser used
• Source system used for access
• The IP address of the accessing device

The data is stored in the log files of our systems. This data is not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is Art. 6 § 1 lit. f GDPR. The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the websites, to eliminate malfunctions and to ensure the security of our information technology systems. Pursuant to Art. 6 § 1 lit. f GDPR, our legitimate interest in data processing also lies in these purposes. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after nine days at the latest.

The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

 

C. Use of cookies

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables a unique identification of the browser when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website technically require that the calling browser can be identified even after a page change. For this purpose we use so-called "session cookies".

The legal basis for the processing of personal data using cookies is Art. 6 § 1 lit. f GDPR. The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies.

The user data collected by technically necessary cookies are not used to create user profiles. For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 § 1 lit. f GDPR.

The user data collected by technically necessary cookies are not used to create user profiles. For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Art. 6 § 1 lit. f GDPR.

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

 

D. Registration

On our websites we offer users the possibility to register by entering personal data via an input mask. As a rule, we collect your e-mail address, surname and first name. We will inform you about the specific processing of your data as part of the registration process and obtain your consent. In addition, reference is made to this data protection declaration.
The legal basis for the processing of data is Art. 6 § 1 lit. a GDPR if the user has given his consent. If registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 § 1 lit. b GDPR. A registration of the user is necessary for the provision of certain contents and services on our website or for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case for the data collected during the registration process if the registration on our websites is cancelled or changed. This is the case for the registration process to fulfill a contract or to carry out pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.
As a user you have the possibility to cancel the registration at any time. You can change the data stored about you at any time; the procedure is described in more detail in the specific registration process. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.

 

E. Information collected by defining metadata

Once you create a dataset and depending on the Metadata you choose, BEXIS 2 provides a form that let you collect information related to the dataset. The fields in a form are either optional or mandatory. BEXIS 2 uses this information to provide a more accurate and detailed search function.

 

F. Information collected by uploading data

Once you upload data to a dataset, you or an administrator (via administrator part) can control access the access of your data to other users or groups. Other users or groups could be granted rights to view, download, and update or upload to your primary data, delete your dataset or to give permission to other users or groups.

 

G. Rights of the affected person

As a person whose personal data is collected in the context of the above-mentioned services, you generally have the following rights, insofar as no legal exceptions apply in individual cases:

• Information (Art. 15 GDPR)
• Correction (Art. 16 GDPR)
• Deletion (Art. 17 Abs. 1 GDPR)
• Limitation of processing (Art. 18 GDPR)
• Data transferability (Art. 20 GDPR)
• Opposition to processing (Art. 21 GDPR)
• Revocation of consent (Art. 7 clause. 3 GDPR)
• Right of appeal to the supervisory authority (Art. 77 GDPR). For the MPG, this is the Bavarian Data Protection Authority, P.O. Box 606, 91511 Ansbach.