Privacy Policy

Table of Contents

A. General information
B. Provision of the website
C. Distributed computing
D. Data transfers
E. Rights of individuals affected

The Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) takes the protection of your personal data very seriously. We process personal data gathered when visiting our websites or while participating in the “Einstein@Home” volunteer computing project in compliance with applicable data protection legislation. We neither publish your data nor transmit them to third parties on an unauthorized basis. In the following section, we explain which data we record when you visit one of our websites or participate in “Einstein@Home”, and exactly how they are utilized:

A. General information

1 Scope of data processing

As a matter of principle, we gather and utilize users' personal data only to the extent required to ensure the functioning of our website and of our contents and services as well as the operation of “Einstein@Home”. The gathering and utilization of our users' personal data normally occurs after users have granted their consent. An exception occurs where data processing is legally permitted.

2 Legal basis of data processing

To the extent that permission of the affected individual is obtained for the processing of personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis. In the processing of personal data to fulfil a contract whose contractual party is the individual affected, Article 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing required to implement pre-contractual measures. If processing is required to safeguard the justified interest of the MPG or a third party and the interests, basic rights and basic freedoms of the affected individual do not outweigh the first-mentioned interest, Article 6 (1) lit. f GDPR serves as the basis for such processing.

3 Data deletion and storage duration

The affected individual's personal data are deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can also occur if provided for by European or national legislators in EU regulations, acts or other legislation to which the MPG is subject. A blocking or deletion of data then occurs only if a storage period prescribed by one of the aforementioned norms expires, unless a necessity exists in relation to the further storage of the data for the arrangement of a contract or the fulfilment of a contract.

4 Contact details of the individuals responsible

The entity responsible in the meaning of the General Data Protection Regulation and other national data protection acts as well as other data protection legislation is the Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG) Hofgartenstrasse 8 D-80539 Munich Telephone: +49 (89) 2108-0 Contact form: https://www.mpg.de/kontakt/anfragen Internet: https://www.mpg.de

5 Data Protection Manager's contact details

The Data Protection Manager at the entity responsible is Heidi Schuster Hofgartenstrasse 8 D-80539 Munich Telephone: +49 (89) 2108-1554 datenschutz-[at]-mpg.de

B. Provision of the website

1 Creation of log files

Each time you visit our website, our service and applications automatically record data and information from the computer system of the visiting computer. The following data are gathered temporarily:

Your IP address
Date and time of your access to the website
Address of the page visited
Processing action

These data are stored in our systems' log files. These data are not stored together with the user's other personal data. The legal basis for the temporary saving of data and log files is Article 6 (1) lit. f GDPR. Storage occurs in log files in order to ensure the website's functionality. The data also help us optimize the websites, eliminate malfunctions and ensure our IT system security. Our legitimate interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes. The data are deleted as soon as they are no longer required to achieve the purpose for which they were gathered. If data are gathered for the provision of the website, this is the case if the respective visit is ended. In the instance that data are stored in log files, this is the case after seven days at the latest. Storage above and beyond this period is possible. In this case, the users' IP addresses are deleted or removed so they can no longer be allocated to the visiting client. The recording of data for the provision of the website and the storage of data in log files is essential to operate the website. As a consequence, users do not have an option to revoke such data recording.

2 Utilization of cookies

Our website utilizes cookies. Cookies are text files stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a sequence of characters enabling the browser to be clearly identified when visiting the website again. We deploy cookies to make our website more user-friendly. Some elements of our website also technically require the identification of the visiting browser after a change of page. The following data are saved and transmitted in the cookies:

Session data: session cookie “SESS<random value>”
JavaScript availability: session cookie “has_js”

Both cookies are deleted when the session is closed. The legal basis for personal data processing while utilizing cookies is Article 6 (1) lit. f GDPR. The purpose of utilizing technically necessary cookies is to simplify the utilization of websites for users. Some of our website's functions cannot be offered without the utilization of cookies. For these, it is necessary that the browser can also be re-identified following a change of page. We require cookies for the following applications:

User data gathered by technically necessary cookies are not utilized to prepare user profiles. Our justified interest in personal data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes. Cookies are stored on the user's computer, which transmits them to our site. For this reason, you, as the user, also have full control over the utilization of cookies. You can deactivate or restrict the transmission of cookies through changing your Internet browser settings. Cookies that have already been saved can be deleted at any time. This can also occur automatically. If cookies for our website are deactivated, you may find not all of the website's functions can continue to be utilized in full.

3 Registration

On our websites, we offer users the option to register a personal user account providing for additional services, entailing the entry of personal data in a data entry form. We generally gather your email address and your desired user name or pseudonym. We inform you about the specific processing of the data and we obtain your consent as part of the registration procedure. Reference is also made to this data protection statement. Registering the user is necessary to provide certain contents and services on our website or to fulfil a contract with the user or to implement pre-contractual measures. Thus the legal basis for the processing of data is Article 6 (1) lit. b GDPR. The data are deleted as soon as they are no longer required to achieve the purpose for which they were gathered. This is the case for data gathered during the registration process if the user account is deleted. In addition to that you have the option to create a public profile that provides additional background details about yourself, your opinion on “Einstein@Home”, your current residence (country, zip code), a profile image and the URL of your website. Any changes to user profile involve a moderation process. Publication will be granted by a member of our moderation team after a review of the profile changes. This is a measure to prevent a misuse of the profile feature to publish unwanted (illegal, offensive or advertizing) content. The legal basis for the processing of data is the user’s consent pursuant to Article 6 (1) lit. a GDPR, based on the voluntary informed creation of a profile by the user. As a user, you can cancel the registration at any time. You can have the data saved in connection with yourself modified at any time. If the data are required to fulfil a contract or to implement pre-contractual measures, early deletion of the data is possible only to the extent that no contractual or statutory obligations prevent such deletion.

4 Community features

Our online presence provides various community features that are described below. The use of any of those features is entirely optional. The legal basis for the processing of data is the user’s consent pursuant to Article 6 (1) lit. a GDPR, based on the user’s voluntary informed use of the respective feature.

a) Discussion forum

The discussion forums provide a means for users to discuss various topics among themselves or to get in contact with the project team itself. Users are entirely responsible for the content they provide and can be held accountable for any wrongdoing. For our own protection and to ensure the integrity and quality of our discussion forums we reserve the right to moderate (change, move, delete) any user postings. In addition to that our published forum guidelines apply. A list of your forum postings can be seen in your public user profile as it improves the ease of use for all users. When your user account is deleted your forum postings will be anonymized. Posts are not deleted automatically because they are embedded in discussions involving others. The retention of those discussion is part of our measure to ensure the quality of our discussion forums.

b) Discussion subscriptions

You have the option to subscribe to any discussion topic of interest. Doing so means you will get a notification by email in the event of a new post being added to a discussion topic. You can see and maintain your personal topic subscriptions in your account settings. The list of subscriptions is not made public. You can cancel a subscription at any time.

c) Private messages

Our website provides the means to exchange private messages with single or multiple other users. These messages are visible only to the users involved and are not subject to any moderation. Should you want to block messages by a certain user you can add that user to your list of ignored users as part of your account settings. Private messages are not deleted automatically to preserve historical conversations. You can delete messages manually at any time. When your user account is deleted all your private messages are being deleted for everyone involved.

d) Friendships

As a registered user you can engage in friendships with other users. You can submit a friendship request to add someone to your list of friends. The other user can choose to either accept or reject your request. Friendships are meant to facilitate the interaction with other users. The list of friends is part of your public user profile. When your user account is deleted any existing friendship associations are going to be mutually dissolved.

e) Teams

User can form or join Teams. Teams of typically groups of users that share common interests. Team can compete against each other in race-like competitions. Founders and members of teams are publicly visible. You can be a member of a single team only at any given time. When your user account is deleted your potential team membership is dissolved.

C. Distributed computing

The main goal of “Einstein@Home” is to support scientific data analyses via distributed volunteer computing, that is, using the idle time of computers provided by volunteers to process data. Apart from personal contact and profile data we gather during the registration process or via our website, we also acquire certain details about each computer you assign to our project via the BOINC software used by “Einstein@Home”. The acquisition of these data is required such that we can assign suitable tasks and analysis software to your individual computers. The legal basis for processing these data is thus Article 6 (1) lit. b GDPR since we can’t offer our distributed computing service without them. In addition to that these data also facilitate tracking down errors should there be any technical issues interacting with our project. Our legitimate interest pursuant to Article 6 (1) lit. f GDPR also lies in these purposes. We collect the following data for each of your computers:

Location details (time zone, domain name)
Processor details (vendor, model, performance, memory bandwidth)
Graphics card details (vendor, model, memory, performance)
Operating system details (product, version)
Memory details (RAM, cache, swap)
Hard-drive details (size, free space, space used by BOINC)
Network details (bandwidth, IP addresses)
Statistics (credit, connectivity ratio, error ratio, activity ratio, efficiency)
Processing details (tasks, BOINC version)

In order to facilitate error analysis in case of problems you can opt to make your list of computers publicly visible in your user account. Should you make your list of computers public any private details (e.g. IP addresses, time zone or domain name) will be excluded. When your user account is deleted all computers associated with your account are also going to be deleted. During active data analyses and interactions with our project our applications and servers collect and process data about the computer concerned.

Date and time of the request
The data request itself
User details (account, preferences)
Computer details (see above)

These data are stored as part of the log files of our systems. These data not stored together with any other personal information. The legal basis for the temporary saving of data and log files is Article 6 (1) lit. f GDPR. Storage occurs in log files in order to ensure the project’s functionality. The data also help us optimize our server services and data analysis applications, eliminate malfunctions and ensure our IT system security. Our legitimate interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes. The data are deleted as soon as they are no longer required to achieve the purpose for which they were gathered. If data are gathered for the provision of the website, this is the case if the respective visit is ended. In the instance that data are stored in log files, this is the case after seven days at the latest. Storage above and beyond this period is possible. In this case, the users' IP addresses are deleted or removed so they can no longer be allocated to the visiting client. The recording of data for the provision of the website and the storage of data in log files is essential to operate the volunteer computing project. As a consequence, users do not have an option to revoke such data recording.

D. Data transfers

Your personal data will only be conveyed to state institutions and authorities in legally essential cases or for criminal prosecution based on attacks on our network infrastructure. The data are not transmitted to third parties for other purposes than those described below.

1 Scientific cooperation

As part of a scientific cooperation your personal data is also processed by the University of Wisconsin-Milwaukee, Department of Physics, 3135 North Maryland Ave, Milwaukee, Wisconsin 53211, USA under a contract based on the EU standard contractual clauses for the transfer of personal data from the Community to third countries (controller to controller transfers) under Directive 95/46/EC of the European Parliament and of the Council.

2 Statistics

The concept of volunteer computing comprises so called “credits”, motivational points awarded to users and their computers as a measure of the computational work done. This way users and teams can compete against each other in a sports-like fashion. External non-commercial services provide leaderboards based on statistical data provided by the various BOINC projects, including “Einstein@Home”. For this purpose we optionally share parts of your personal data with the following providers:

BOINCstats: https://boincstats.com
BOINC Combined Statistics: https://boinc.netsoft-online.com
BOINC-Games: https://www.boincgames.com
Czech National Team: https://statistiky.czechnationalteam.cz
Free-DC Distributed Computing Stats System: https://stats.free-dc.org
Gridcoin: https://gridcoin.us
GridRepublic: https://www.gridrepublic.org
Hard|DC: https://hard-dc.com
L'Alliance Francophone: https://statseb.boinc-af.org
Neil Munday: https://boinc.mundayweb.com/html/stats.php
SETI.Germany: https://www.seti-germany.de/boinc_pentathlon
SETIBZH: https://statsbzh.boinc-af.org

We share the following data with the providers above:

User:
- Account IDs, name, country, credit, team, project join date
Computer:
- System details (credit, time zone, project join date, associated user)
- Processor details (quantity, vendor, model, performance, memory bandwidth)
- Operating system details (product, version)
- Memory details (RAM, cache, swap)
- Hard-drive details (size, free space)
- Network details (bandwidth)
Team:
- Name, founder, credit, website, country, project join date

The lawful basis for processing and sharing of these data is Article 6 (1) lit. a GDPR. You may activate and thereby consent to the sharing of those data in your account settings. When your user account is deleted the providers listed above are automatically notified such that your personal data can also be deleted from the provider’s systems, according to Article 19 GDPR.

3 External services

We are using the service “ReCaptcha” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA to protect input forms from malicious so called “bots”. The lawful basis for using “ReCaptcha” are our legitimate interests pursuant to Article 6 (1) lit. f GDPR. You may find the relevant privacy policy at https://www.google.com/policies/privacy. We are using the service “Gravatar” provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. You may find the relevant privacy policy at https://automattic.com/privacy. If you have a “Gravatar” account and used the same e-mail address at “Garvatar” as for your registration at “Einstein@Home” you have the option to personalize your forum postings and private messages with your “Gravatar” profile picture. When this feature is enabled your e-mail address gets securely send to “Gravatar” to check for the availability of a profile image. The lawful basis for processing is Article 6 (1) lit. a GDPR. You may activate and thereby consent to the sharing of those data in your account settings. In addition to that the display of “Gravatar” profile images on our website implies that your IP address is shared with “Gravatar” as part of the image-loading process. The lawful basis for processing is our legitimate interested pursuant to Article 6 (1) lit. f GDPR since “Gravatar” is used to increase the quality and attractiveness of the community section of our online service.

E. Rights of individuals affected

As an individual whose personal data are gathered as part of the aforementioned services, you have, in principle, the following rights, to the extent that no legal exceptions are applicable in individual cases:

Information (Article 15 GDPR)
Correction (Article 16 GDPR)
Deletion (Article 17 (1) GDPR)
Restriction of processing (Article 18 GDPR)
Data transmission (Article 20 GDPR)
Revocation of processing (Article 21 GDPR)
Revocation of consent (Article 7 (3) GDPR)
Right to complain to the regulator (Article 77 GDPR). For the MPG, this is the Bavarian Data Protection Authority (BayLDA), Postbox 606, 91511 Ansbach.