We, Max Planck Institute for Chemical Energy Conversion, use the luca system to collect contact information of guests, customers:inside and visitors:inside to support contact tracing in connection with the fight against COVID infections.
Here you will be informed which data is collected or provided to us by us as the responsible party during contact data transmission using the luca system, how we store and process your personal data, and what rights you have as a data subject with regard to your personal data.
The entity responsible in the meaning of the General Data Protection Regulation and other national data protection acts as well as other data protection legislation is the
Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Hofgartenstrasse 8
D-80539 Munich
Telephone: +49 (89) 2108-0
Contact form: www.mpg.de/kontakt/anfragen
Internet: www.mpg.de
The data protection officer of the responsible party is
Heidi Schuster
Hofgartenstraße 8
D-80539 München
Telefon: +49 (89) 2108-1554
datenschutz(at)mpg.de
In order to support the fight against COVID infections, we collect your personal data when you check in at our location, provided that you consent to this. Personal data is any information relating to an identified or identifiable natural person.
This check-in and the associated transfer of your personal data to us is preferably done through the service luca in one of the following forms:
Check-in via app can be done by either you scanning our QR code or we scan yours. If you decide to scan our QR code, the camera of the end device must be switched on. However, only the recording of the QR code is stored. No other new data is collected. If you register with us via the contact form in the browser, the contact details described in part C are collected again.
We may process the following data from you:
To support the fight against COVID infections, we record your contact details and residence times after your consent, so that in cases of new cases the health authority can trace a chain of contact if necessary. If we have received data from you, we will generally only process it for this purpose.
The following overview describes for which purposes and on which legal basis we process your personal
data are processed:
No. | Processing and purpose | Legal basis |
---|---|---|
(1) | Collection of your contact data, residence data, input data and functional data when visiting our premises and events for the fulfillment of the legal obligation | Art. 6 (1) 1 a) DSGVO: Einwilligung Consent by scanning our QR code, or having your your QR code. |
(2) | Determining your stay by checking in and out. These functions can be supported by using the camera and GPS function of your cell phone, if you voluntarily choose to do so. Only the information at which time you check in with us or leave the radius of our location is stored. | Art. 6 (1) 1 a) DSGVO: Einwilligung Consent by switching on the GPS or camera function, if necessary after prompting in the app. You can revoke your consent for the future at any time by turning off your camera or GPS function. (see also part H.) |
(3) | Encrypted storage and further processing of your contact data, input data and functional data within the IT infrastructure of culture4life GmbH. | Art. 6 (1) 1 a) DSGVO: Einwilligung Consent by scanning our QR code, or having your QR code scanned. |
(4) | Query and read your COVID test result, vaccination or recovery card. | Art. 9 (2) a) i.V.m. 6 (1) 1 a) DSGVO: Einwilligung Consent by showing the test, vaccination or recovery certificate. |
(5) | Transfer of your contact information, residence information, input information, and functional information to health authorities. | Art. 9 (2) a) i.V.m. 6 (1) 1 a) DSGVO: Einwilligung Consent by scanning our QR code, or having your QR code scanned. |
The luca system is operated by culture4life GmbH. Its subcontractors are providers of software maintenance and software operation services (currently neXenio GmbH) and providers of IT infrastructure services (currently Deutsche Telekom AG and Bundesdruckerei Gruppe GmbH). There is an agreement on order processing between the responsible party and culture4life GmbH. The aforementioned recipients and subcontractors are not permitted to not use your personal data in any other way than to support contact tracing for us.
In addition, we may release your personal data to health authorities upon request to enable tracking.
A transfer to a third country or an international organization will not be made.
We store your personal data for a period of 4 weeks. Your personal data will be deleted after four weeks.
With regard to the processing of your personal data, you have the following rights provided for in the GDPR:
Please note that we generally do not process your personal data in the form of plain data, but in encrypted form, and therefore in certain cases we will not be able to comply with a corresponding request by you to grant the aforementioned rights.
To exercise these rights against us, you may also contact us using the contact details set out in Part A of this Privacy Policy. Notwithstanding the foregoing rights, you have the right to lodge a complaint with our competent supervisory authority for data protection and freedom of information. The address is:
State Commissioner for Data Protection and Freedom of Information
Bavarian Data Protection Authority (BayLDA), Postbox 1349, 91504 Ansbach..
This is the current version of our privacy policy. We reserve the right to adapt this data protection declaration (in particular in the event of changes to the legal situation or changes to our services). Changes to this data protection declaration will be communicated to you separately, if necessary before a change to our services takes effect. Nevertheless, we recommend that you check this data protection declaration at regular intervals.