Attention: The English version of our privacy notice is for information purposes only. Only the German version is authoritative.
The Ernst Strüngmann Institute (ESI) for Neuroscience in Cooperation with Max Planck Society takes the protection of your personal data very seriously. We process personal data gathered when visiting our website, our social media channels, at events or during applications for jobs in compliance with applicable data protection legislation. We neither publish your data nor transmit them to third parties on an unauthorized basis. In the following sections, we explain which data we record when you visit our website, our social media channels, participate in an event or apply for a job, and exactly how they are utilized:
Contact details of the individuals responsible
The entity responsible in the meaning of the General Data Protection Regulation (GDPR) and other national data protection acts as well as other data protection legislation is the
Ernst Strüngmann Institute (ESI) for Neuroscience in Cooperation with Max Planck Society
Deutschordenstr. 46, 60528 Frankfurt am Main, Germany
Phone: +49 (0)69 96769 0
Contact details of the Data Protection Officer
Data Protection Officer, Ernst Strüngmann Institute (ESI) for Neuroscience in Cooperation with Max Planck Society
Deutschordenstraße 46, 60528 Frankfurt am Main, Germany
E-mail: datenschutz (at) esi-frankfurt.de
Rights of individuals affected
Individuals affected have, in principle, the following rights, to the extent that no legal exceptions are applicable in individual cases:
- Information (Article 15 GDPR)
- Correction (Article 16 GDPR)
- Deletion (Article 17, para. 1, GDPR)
- Restriction of processing (Article 18 GDPR)
- Data transmission (Article 20 GDPR)
- Revocation of processing (Article 21 GDPR)
- Revocation of consent (Article 7, para. 3, GDPR)
- Right to complain to the regulator (Article 77 GDPR). For the ESI, this is the Hessian Data Protection Authority: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Postfach 3163, 65021 Wiesbaden.
1. Scope of data processing
We only ever collect and use personal data to the extent required to provide a functional website as well as our content and services. The collection and utilization of our users’ personal data is carried out regularly with the users’ consent. An exception applies in instances where processing of the data is permitted by statutory provisions.
2. Legal basis for data processing
If we obtain the consent of the data subject to carry out personal data processing, the legal basis is Article 6, para. 1, lit. a EU General Data Protection Regulation (GDPR). When it is necessary to process personal data in order to fulfil a contract to which the data subject is a party, the legal basis is Article 6, para. 1, lit. b GDPR. This also applies to processing operations required in order to implement pre-contractual measures. If processing is required in order to safeguard a legitimate interest of the ESI or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not override the first-mentioned interest, the legal basis for processing is Article 6, para. 1, lit. f GDPR.
3. Data erasure and duration of storage
The personal data of the data subject is erased or blocked as soon as the purpose of storage no longer applies. Data can also be stored if this is required under European or national legislation in EU directives, laws or other provisions to which the ESI is subject. Data is also blocked or erased if the retention period prescribed by the above-mentioned legislation expires, unless the data is required to be stored longer for the purpose of concluding or performing a contract.
Every time our website is accessed, our servers and applications automatically log data and information from the accessing computer system. The following data is collected:
- Your IP address
- Date and time the page is accessed
- Address of the page accessed
- Address of the website visited previously (referrer)
- Name and version of your browser/operating system (if transmitted)
The data is saved in our systems’ logfiles. This data is not stored together with other personal data relating to the user.
The legal basis for the temporary saving of data and logfiles is Article 6, para. 1, lit. f GDPR. Data is saved in logfiles in order to ensure the functional capability of the website. In addition, the data serves to optimize the websites, eliminate faults and ensure the security of our IT systems. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR.
The data is deleted as soon as it is no longer required in order to fulfil the purpose of its collection. In the case of the collection of the data for the purpose of providing the website, this applies when the session in question is finished. In the case of saving data in logfiles, this applies after a maximum of seven days. Saving of data beyond this period is possible. In this case, users’ IP addresses are deleted or altered so that they can no longer be attributed to the accessing client.
Data collection for the purpose of providing the website and the saving of data in logfiles are absolutely necessary in order to operate the website. It is therefore not possible for the user to object.
Every time our website is accessed, our system logs the following data and information from the accessing computer system:
- IP address, anonymized by means of abbreviation
- Previously visited URLs (referrers), if transmitted by the browser
- Name and version of the operating system
- URLs visited on this website
- Times of page visits
- Type of HTML requests
The saving and analysis of data is only carried out on servers rented by ESI to run the website www.esi-frankfurt.de. The legal basis for the processing of personal user data is Article 6, para. 1, lit. f GDPR. By processing personal user data we are able to analyse our users’ utilization behaviour. Analysis of the data collected enables us to compile information on the use of the individual components of our website. This helps us to improve our website and its user-friendliness on an ongoing basis. These purposes also constitute our legitimate interest in data processing according to Article 6, para. 1, lit. f GDPR. Anonymization of the IP address sufficiently meets the users’ interest in the protection of their personal data.
The data is deleted after the final annual totals for the access statistics are formed.
Of course, you have the opportunity to object to your data being collected: In your browser, activate the Do-Not-Track setting. If this setting is active, our server does not save any of your data. Important: Do-Not-Track generally only applies to the one device and browser on which the setting is activated. If you use several devices/browsers, you must activate Do-Not-Track separately on each one.
This data is not saved together with other personal data relating to the user.
1. Purpose and legal basis of the data processing
We process your personal data for the purpose of your application for an employment relationship, an apprenticeship or a trainee relationship. As far as your personal data are required for the performance of the application procedure, the legal basis for saving the data is Art. 88 GDPR in conjunction with § 26 (1) Federal Data Protection Act (BDSG). If you have additionally given your explicit consent for the processing of your personal data for specific, optional purposes, the legal basis for this is § 26 (2) BDSG as well as Art. 6 para. 1a GDPR. Consent, once given, can be withdrawn at any time (Art. 7 GDPR). Should it be necessary for legal prosecution, after the end of the application procedure, to store your data for a longer period of time, this will be done to protect our legitimate interests in asserting or defending claims based on Art. 6 para. 1 lit. f GDPR. In addition, we check your required data against sanctions lists of the currently binding EU regulations. This is processing that is necessary for the fulfillment of a legal obligation (Art. 6 para. 1 lit. c GDPR).
2. Recipient of the data
Your personal data will only be passed on to those internal departments that require this data to fulfil contractual and legal obligations, such as the personnel department, the department management, the respective interest groups. It will not be passed on to third parties.
3. Storage period
In case of a successful application, we transfer your data into your personal file and into our personnel management system. In the event of rejection, your data will be deleted at the latest six months after the end of the application procedure. If you give your explicit consent to the inclusion of your data in our applicant pool, they will be deleted after two years. If costs were reimbursed to you in connection with the invitation to an interview, we are legally obliged to keep the necessary accounting data for ten years. Within the scope of checking against sanctions lists, the respective legal periods are observed.
In order to hold (online) events, we collect and process personal data, for which various software solutions can be employed. If the event takes place online, video conferencing systems are used. Depending on the event format, we use other communication platforms or chat services, provide file exchange systems or use event management software.
1. Purpose and subjects of the data processing
The purpose of the data processing is the effective content-related and technical organization and implementation of (online) events such as conferences, workshops, lectures, discussions or talks. In order to organize the event, in some cases we collect names, contact details and institute affiliation of the participants. Depending on the format of the event, in addition to the aforementioned video conferencing systems, other software solutions such as chat or cloud systems may be provided to facilitate the smooth exchange of information and files between the persons participating in the event. Those affected by the data processing are the participants in our events. These can be employees of the ESI as well as external third parties (e.g. alumni, interested parties, conference participants, contractual partners).
2. Legal bases of data processing
If personal data of employees of the ESI is processed during the event, insofar as this is necessary for the establishment, implementation or termination of the employment relationship, § 26 BDSG is the legal basis for the data processing. In the context of contractual relationships with external third parties, Art. 6 para. 1 lit. b GDPR is the legal basis for the data processing. If there is no contractual relationship, Art. 6 para. 1 lit. f GDPR is the legal basis. Our legitimate interest here is the effective organization and implementation of the event. Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 para. 1 lit. a GDPR is the legal basis.
3. Type of data processed and scope of processing
We collect and process the following data of the participants before or during the event: Name, title, contact details, gender, country, institute affiliation as well as content that participants provide us with (e.g. abstracts).
When using software solutions, especially if the event takes place online by means of video conferencing systems, different data can be additionally processed by the software providers. Essentially, the scope and type of data depend on the information you yourself provide before or during participation in the online event.
The following data may be processed by the software providers: Details of the user (e.g. name, e-mail address, password, institute affiliation), metadata (IP addresses, device information) and, in case of dial-in by telephone, phone number, country, start and end time of the dial-in. If the microphone and/or video camera are switched on, this data from your terminal device is also processed for the purpose of transmission during the meeting.
Shared content: Depending on the event format and software used, you yourself may share content such as files or presentations with other participants, which may then also become part of the processing. This also includes the use of survey, question or chat functions in the video conferencing solutions used.
(Online) events are not regularly recorded; should this be planned, you will be informed in advance and, if necessary, asked for your consent. The same applies to any publication of the recorded material.
4. Storage period and data deletion
The personal data that are the subject of processing are generally deleted when there is no need to prevent their deletion. This is regularly the case when the purpose for which the data was collected ceases to apply. If there is no requirement preventing the deletion, the data is regularly deleted before the end of one year after the end of the respective event. A requirement contrary to this may be, for example, the fulfillment of contractual services, the examination of warranty and guarantee claims as well as legal documentation and retention obligations.
As a matter of principle, we do not disclose personal data processed for the purpose of conducting an event to third parties unless it is intended for disclosure. The data intended for disclosure is that which is processed by the respective software solution used to fulfill the order. In most cases, you provide this data to the respective provider yourself and can thus determine its type and scope yourself.
We have concluded a data processing agreement (DPA) with all software providers whose services may be used, in accordance with Art. 28 GDPR. This regulates the manner in which the data is processed by the provider. If the provider is based in the USA, the EU standard contractual clauses are also part of the data processing agreement. These clauses regulate the lawful transfer of data to the USA. For information on how the individual providers process personal data, please consult their privacy notices as indicated below:
- Zoom: Video conferencing service provided by Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, California (95113), USA. Your data may be processed in a third country because Zoom is based in the US. See Zoom’s Privacy Statement.
- BigBlueButton: Open source self-hosted video conferencing service for internal communication with employees. Only employees with access to our network can participate on a regular basis. BigBlueButton Inc., 311 St. Patrick’s Building, 1125 Colonel By Drive Carleton University, Ottawa, Ontario K1S 5B6 Canada.
- RocketChat and Owncloud: Chat service and cloud service provided by GWDG, Am Faßberg 11, 37077 Göttingen, Germany. The data will not be processed in a third country. See GWDG’s Privacy Notice.
The ESI provides the following social media websites:
- Facebook: https://www.facebook.com/ErnstStruengmannInstitut/
- Instagram: https://www.instagram.com/esi_frankfurt/
- Twitter: https://twitter.com/ESI_Frankfurt
- YouTube: https://www.youtube.com/channel/UC8dVlYpnAOLsX7AHDDilaKg
- LinkedIn: https://www.linkedin.com/company/ernst-struengmann-institute
As the provider of these websites, we work together with the provider of the respective social media platform in the sense of Art. 4 No. 7 GDPR as well as Art. 26 GDPR:
- Meta Platforms Ireland Ltd. (Facebook, Instagram)
- Google Ireland Ltd. (YouTube)
- LinkedIn Ireland Unlimited Company (LinkedIn)
- Twitter International Company (Twitter)
The providers of the social media platforms also provide us with user statistics (so-called analytical services or page insights data) for our websites on the social media platforms based on the actions and interactions of our followers (e.g. likes, shares, comments etc., the number of followers, individual page area access, scope of a post as well as statistics about the followers based on age, language, place of origin or interests), which help us to contact our followers and interested parties, understand the use and scope of our contributions, evaluate contents and identify user preferences and design our websites on the social media platforms to be as target-group-friendly as possible. We cannot influence or access the creation or processing of these user statistics and the underlying data; this is performed on the sole responsibility of the provider of the respective social media platform.
The data entered on our websites on social media platforms such as comments, questions, videos, images, likes, public messages, job preferences and selection etc. are published by the provider of the social media platform and only used or processed by us for the purposes listed below. We reserve the right to delete contents, where necessary. If applicable, we will share your contents on our social media websites, if this is a function of the website, and communicate with you via the website.
The websites provided by us contain links to our other company sites on social media platforms. You can identify links to the websites of the social media platforms e.g. by the respective company logo. If you follow this link, you can reach our company sites on the respective social media platforms. When you click on a link to a social media platform, a connection is established with the servers of the social media platform. This informs us that you have visited our website. In addition, further data is transmitted to the providers of the social media platform. These are, for example:
- Address of the website with the activated link
- Date and time of the website access and activation of the link
- Information about the browser and operating system used
- IP address
If you are already logged into the respective social media platform at the time that you activate the link, the provider of this social media platform may be able to determine your user name or even your real name based on the transmitted data and attribute this information to your personal user account on the social media platform. You can prevent this allocation to your personal user account, if you log out of your user account first.
You can contact us via some of our websites on social media platforms. We process your data in order to answer your query and, if applicable, to send you the requested information materials. Your data may also be transmitted to the position responsible for your query. This position may be a third party. A transmission only takes place, if we are authorized to carry out the transmission under data protection law.
If you send us a query on the social media platforms, we may, depending on the required response, also refer to other, secure communication channels which guarantee confidentiality.
You always have the option to send us confidential enquiries via our address listed under contact details.
Information processing is intended to allow us as the provider of the social media website to receive statistics (so-called page insights data) which the provider of the social media platform makes available based on the visits to our website. For example, it enables us to gain knowledge about the profiles of the visitors who like our website or use the applications on our website, so that we can provide them with more relevant contents and develop functions which may be of greater interest to them.
In order for us to better understand how to use our website to better reach interested users, the recorded information is also subjected to demographic and geographical analyses which are then made available to us. We can use this information in order to offer targeted interest-based contents without obtaining direct knowledge of the visitor’s identity. Where visitors use social media platforms on several devices, the recording and analysis can also be implemented across several devices, if these are registered users who are logged into their profiles.
The created visitors’ statistics are transmitted exclusively in an anonymized format. We do not have any access to the underlying data.
You can find more information on the processing of your personal data by the provider of the respective social media platform in the context of creating and processing user statistics by checking the information about user statistics on the following websites by the respective social media platform:
Legal basis for data processing
We provide these social media websites in order to present ourselves to the users and other interested parties who visit our websites and to communicate with them. The personal user data are processed on the basis of our legitimate interests in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR).
Recipients or categories of recipients
We do not transfer the data to third parties.
The servers of the social media platforms are located in the USA and in other countries outside the European Union. As a result, the providers of the social media platform can also use the data in countries outside the European Union. Please note that companies in these countries are subject to data protection law that does not generally protect personal data to the same extent as is the case in the European Union.
Please note that we cannot influence the scope, type and purpose of the data processing by the provider of the social media platform. For more information on the use of your data by the social media platform linked to on our website, please see the privacy policies of the respective social media platforms:
- Meta Platforms Ireland Ltd. (Facebook, Instagram)
- Google Ireland Ltd. (YouTube)
- LinkedIn Ireland Unlimited Company (LinkedIn)
- Twitter International Company (Twitter)
Duration of storage
We do not save the data.
Source of data
The data are not collected directly from the data subjects but instead made available by the provider of the social media platform: