Privacy Statement

Name and address of the responsible person 
The person responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other provisions of data protection law is
Max Delbrück Center for Molecular Medicine
Robert-Rössle-Str. 10
13125 Berlin (main address)
13092 Berlin (postal address)
Technical responsible person
Dr. Michaela Herzig
Name and address of data protection officer
Ulrike Ohnesorge
In addition to the general privacy policy of the MDC applies:

1. Application portal

This privacy statement is intended to inform the users of this website about the nature, extent and purpose of the collection and use of personal data by the HEIBRiDS PhD Program.
The website operator takes your privacy very seriously and treats your personal data confidentially and in accordance with the statutory provisions. As new technologies and the constant development of this website may result in changes to this data protection declaration, we recommend that you read the data protection declaration again at regular intervals.
Definitions of the terms used (e.g. "personal data" or "processing") can be found in Art. 4 GDPR.
Scope of data processing
On the following pages we collect the information required for an application process.
If you apply for a position as a PhD candidate, you will be asked for certain personal data (name, address, e-mail, telephone number, etc.). In addition, position-related questions may also be asked. For an application in our company, it is also absolutely necessary to include your professional career.
Please note that your data will not be stored anonymously.
Purpose of processing
Processing of the personal data provided by you with your application is necessary for the purpose of carrying out the application procedure in the course of the HEIBRiDS PhD Programme.
Legal basis of the processing
The processing of your application data is based on Art. 6 Para. 1 S. 1b), Art. 88 GDPR in conjunction with Art. 26 Para. 1 S. 1 BDSG (new). Section 26 para. 1 sentence 1 BDSG (new).
Duration of processing
We store your data as long as it is necessary for the application process. Your application data will be deleted at the latest 6 months after the application cycle, unless storage is required for legal reasons.
If you accept our offer of employment as an employee or guest with us, we will store your data for the duration of the employment relationship with you. In this case you will receive further information about the processing of your data in the employment relationship with the Max Delbrück Center for Molecular Medicine as soon as you start your employment with us.
Categories of recipients of your personal data
If you apply to us, we will not pass on your data to third parties. Only the employees of our company have access to your personal data, which must be viewed in the application process, in particular the PhD office and the decision-makers in the scientific working groups. In some cases, the application documents may be forwarded to partners of the graduate school or external reviewers.
If your data is necessary for the work of the lawyers working for us, we will pass on your data to them to the extent necessary.

2. Provision of the website and creation of logfiles

Description and scope of data processing
Each time you call up our application portal, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
- Information about the browser type and the version used
- The user's operating system
- The Internet service provider of the user
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites accessed by the user's system through our website
- Amount of data sent in bytes
The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.
The collected data is used exclusively for statistical evaluation and improvement of the website.
Should there be concrete indications of illegal use, the website operator reserves the right to subsequently check the server log files.
Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the portal to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data is stored in log files in order to ensure the functionality of the portal. The data is also used to optimise the portal and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also include our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR.
Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the portal, this is the case when the respective session has ended.
The data controller processes and stores personal data of the data subject only for the period of time necessary to achieve the storage purpose or purpose stated by the European Directive and Regulation Body or another legislator in laws or regulations to which the data controller is subject.
If the storage purpose no longer applies or if a storage period prescribed by the European directive and regulation giver or another competent legislator expires, the personal data shall be blocked or deleted routinely and in accordance with the statutory provisions.
Possibility of objection and removal
The collection of data for the provision of the portal and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

3. Use of cookies

Description and scope of data processing
Our portal uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly and secure. Some elements of our portal require that the calling browser can be identified even after a page change.
Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our portal cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change.
The user data collected by technically necessary cookies are not used to create user profiles.
Our legitimate interest in the processing of personal data in accordance with Art. 6 Para. 1 lit. f GDPR also lies in these purposes.
Duration of storage, objection and removal options
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our portal, it is possible that all functions of the portal can no longer be used to their full extent.

4. Your rights

You have the following rights with regard to data processing at the Max Delbrück Center for Molecular Medicine:
Right to disclosure as to which data we process about you (Art. 15 GDPR). You are entitled to the Right to disclosure which data we process about you and other information pursuant to Art. 15 GDPR in connection with data processing. On request, we will be happy to share relevant data and information and provide you with a copy of these data. Right to rectify your data (Art. 16 GDPR): You have the right to rectify your data if it is inaccurate or incomplete, taking into account the purposes of the processing.
Right to deletion (Art. 17 GDPR)
You have a right to deletion if data is no longer needed, the processing is not lawful or other cases of Art. 17 GDPR exist. In these cases we will delete your data immediately.
Right to limit the processing of your data (Art. 18 GDPR)
You have the right to restrict your data in the cases specified in Art. 18 GDPR. This includes, among other things, the case where we process data in places or to an extent that no longer justifies data processing by law. In addition, the case may be relevant that data is subject to a retention obligation and we are therefore not allowed to delete it without further ado.
In this case, we limit the processing as much as possible. As a rule, restriction means that the data is stored, but access by employees is no longer possible.
Right to data transfer (Art. 20 GDPR)
The right to so-called data portability allows you to receive and have transmitted by us data about you that you yourself have provided to us in the format stated in Art. 20 GDPR. Excluded from the publication, however, are such data which we obtain ourselves through processing (so-called processing results).
Right to object to processing based on Art. 6 Para. 1 S. 1 lit. e, f GDPR (Art. 21 GDPR)
We will cease processing your data on the basis of Art. 6 para. 1 sentence 1 lit. e, f GDPR (performance of a task within the framework of public violence/interest or processing to safeguard legitimate interests) if you object to this and the objection is justified.
The right not to be subject to a decision based exclusively on automated processing (Art. 22 GDPR); if an automated decision making process should exist, we will inform you in particular about the scope and the intended effects of the processing of your data. You have the right not to be subject to such a decision which has legal effect on you or which similarly significantly impairs your rights, unless one of the reasons stated in Art. 22 para. 2 GDPR applies.
You also have the right to appeal to the competent supervisory authority Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstraße 219, 10696 Berlin.