Data protection declaration
Last update: 23.05.2018
The Max Planck Society for the Advancement of Science e.V. (registered society) takes the protection of your personal data very seriously. In this data protection information we inform you about the most important aspects of data processing in the context of the use of the ATTO data management system. The ATTO data portal is based on the data management platform BEXIS 2.
A. General information
1. Contact details of the person responsible for data processing
The Max Planck Society for the Advancement of Science e.V. is responsible within the meaning of the EU General Data Protection Regulation (GDPR) and other data protection regulations. (MPG) Hofgartenstraße 8, 80539 Munich, phone: +49 (89) 2108-0, www.mpg.de
2. Contact data of the data protection officer
The data protection officer of the responsible society is Heidi Schuster, Hofgartenstraße 8, 80539 Munich, phone: +49 (89) 2108-1554, e-mail: firstname.lastname@example.org
3. Scope of data processing
We only collect and use personal user data to the extent necessary to provide a functional website as well as our content and services. The collection and use of personal data of our users takes place regularly with the consent of the users. An exception applies in such cases in which the processing of the data is permitted by legal regulations. The personal data entered by you in the ATTO data portal will be stored and processed exclusively for the purpose of data management of scientifically collected data of the ATTO project. Fields marked with * are mandatory fields which are required for registration in the data management system. If you do not provide us with this information, you will not be able to sign in to the data management system. The legal basis for processing is Art. 6 § 1 lit. f) GDPR (balancing of interests). Fields not marked with an * can be filled in voluntarily. By filling in the voluntary fields you give us your consent to store and process this data exclusively for the purpose of user administration of the data management system. In these cases, the legal basis for processing is article 6(1)(a) DSBER (consent of the data subject).
4. Data deletion and storage times
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by European or national legislators in EU regulations, laws or other regulations to which the MPG is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
5. Your rights
Once you create a dataset and depending on the Metadata you Via your personal access to the data management system you can view, change or delete your entered data at any time. Your access is protected by your own login name and a password of your choice. In principle, you have the rights to information (Art. 15 GDPR), correction (Art. 16 GDPR), deletion (Art. 17 § 1 GDPR), processing restrictions (Art. 18 GDPR), data transferability (Art. 20 GDPR) and revocation of consent (Art. 7 § 3 GDPR). To assert your rights, please contact the Max Planck Institute for Biogeochemistry Hans Knöll STR. 10 07745 Jena, Germany Phone: +49 (0)3641 57 - 60, https://www.bgc-jena.mpg.de/ If you believe that the processing of your personal data violates data protection law or your data protection claims have otherwise been violated in any way, please contact the data protection officer of the Max Planck Society at email@example.com. The supervisory authority responsible for the Max Planck Society is the Bavarian Data Protection Authority, P.O. Box 606, 91511 Ansbach.
B. Provision of the website and creation of log files
Every time the website is accessed, our server and applications automatically collect data and information from the computer system of the calling computer. The following data will be collected temporarily: • Date of access • Name of the operating system installed on the accessing device • Name of the browser used • Source system used for access • The IP address of the accessing device The data is stored in the log files of our systems. This data is not stored together with other personal data of the user. The legal basis for the temporary storage of data and log files is Art. 6 § 1 lit. f GDPR. The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the websites, to eliminate malfunctions and to ensure the security of our information technology systems. Pursuant to Art. 6 § 1 lit. f GDPR, our legitimate interest in data processing also lies in these purposes. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after nine days at the latest. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
On our websites we offer users the possibility to register by entering personal data via an input mask. As a rule, we collect your e-mail address, surname and first name. We will inform you about the specific processing of your data as part of the registration process and obtain your consent. In addition, reference is made to this data protection declaration. The legal basis for the processing of data is Art. 6 § 1 lit. a GDPR if the user has given his consent. If registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 § 1 lit. b GDPR. A registration of the user is necessary for the provision of certain contents and services on our website or for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case for the data collected during the registration process if the registration on our websites is cancelled or changed. This is the case for the registration process to fulfill a contract or to carry out pre-contractual measures if the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations. As a user you have the possibility to cancel the registration at any time. You can change the data stored about you at any time; the procedure is described in more detail in the specific registration process. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as there are no contractual or statutory obligations to the contrary.
E. Information collected by defining metadata
Once you create a dataset and depending on the Metadata you choose, BEXIS 2 provides a form that let you collect information related to the dataset. The fields in a form are either optional or mandatory. BEXIS 2 uses this information to provide a more accurate and detailed search function.
F. Information collected by uploading data
Once you upload data to a dataset, you or an administrator (via administrator part) can control access the access of your data to other users or groups. Other users or groups could be granted rights to view, download, and update or upload to your primary data, delete your dataset or to give permission to other users or groups.
G. Rights of the affected person
As a person whose personal data is collected in the context of the above-mentioned services, you generally have the following rights, insofar as no legal exceptions apply in individual cases: • Information (Art. 15 GDPR) • Correction (Art. 16 GDPR) • Deletion (Art. 17 Abs. 1 GDPR) • Limitation of processing (Art. 18 GDPR) • Data transferability (Art. 20 GDPR) • Opposition to processing (Art. 21 GDPR) • Revocation of consent (Art. 7 clause. 3 GDPR) • Right of appeal to the supervisory authority (Art. 77 GDPR). For the MPG, this is the Bavarian Data Protection Authority, P.O. Box 606, 91511 Ansbach.