Privacy policy

This privacy policy explains which data we record when you visit or register at movebank.org and how they are used. For information about how research data stored by users in Movebank are treated, see Movebank’s user agreement.

Summary

Movebank and our host, the Max Planck Society for the Advancement of Science (Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V., MPG) (hereafter “we”, “our”, or “Movebank”) takes the protection of your personal data very seriously. We process personal data gathered when visiting our websites in compliance with applicable data protection legislation. We neither publish your data nor transmit them to third parties on an unauthorized basis.

A. General information

1. Scope of data processing

As a matter of principle, we gather and utilize users' personal data only to the extent required to ensure the functioning of our website and of our contents and services. The gathering and utilization of our users' personal data normally occurs after users have granted their consent. An exception occurs where data processing is legally permitted.

2. Legal basis of data processing

To the extent that permission of the affected individual is obtained for the processing of personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis. If processing is required to safeguard the justified interest of the MPG or a third party and the interests, basic rights and basic freedoms of the affected individual do not outweigh the first-mentioned interest, Article 6 (1) lit. f GDPR serves as the basis for such processing.

3. Data deletion and storage duration

The affected individual's personal data are deleted or blocked as soon as the purpose of the storage ceases to apply. Storage can also occur if provided for by European or national legislators in EU regulations, acts or other legislation to which the MPG is subject. A blocking or deletion of data then occurs only if a storage period prescribed by one of the aforementioned norms expires.

For users that are registered and logged in (see section G), accounts and the personal data associated with those accounts cannot be automatically deleted, because it would require the deletion of associated research data and studies that the user has stored on Movebank. The purpose of this data use is to pursue our and the public’s interests to make data discoverable and facilitate the sharing and joint management of data for beneficial use, including research and wildlife management and conservation (article 6(1)(f) of the GDPR). To request deletion of a user account and personal data, and the deletion or transfer of ownership of associated research data and studies, contact support@movebank.org.

4. Contact details of the individuals responsible

The entity responsible in the meaning of the General Data Protection Regulation and other national data protection acts as well as other data protection legislation is the

Max-Planck-Gesellschaft zur Förderung der Wissenschaften e.V. (MPG)
Hofgartenstrasse 8
D-80539 Munich
Germany
Telephone: +49 (89) 2108-0
Contact form: https://www.mpg.de/contact/requests
Internet: https://www.mpg.de

5. Data Protection Officer's contact details

The Data Protection Officer at the entity responsible is
Heidi Schuster
Hofgartenstrasse 8
D-80539 Munich
Germany
Telephone: +49 (89) 2108-1554
E-mail: datenschutz@mpg.de

B. Provision of the website and creation of log files

Each time you visit our website, our service and applications automatically record data and information from the computer system of the visiting computer. The following data are gathered temporarily:

  • Your IP address
  • Date and time of your access to the website
  • Name and version of your browser/operating system, if transmitted
  • Your user name, if logged in (see section G)
  • What operations are performed (for example, “Select Individual”, “Create Study”)

These data are stored in our systems' log files. These data are not stored together with the user's other personal data. The legal basis for the temporary saving of data and log files is Article 6 (1) lit. f GDPR. Storage occurs in log files in order to ensure the website's functionality. The data also help us optimize the websites, eliminate malfunctions, improve the user experience and ensure our IT system security. Our justified interest in data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.

The data are deleted periodically. The recording of data for the provision of the website and the storage of data in log files is essential to operate the website. As a consequence, users do not have an option to revoke such data recording.

C. Web analysis

We do not collect, nor do we utilize third-party applications to collect, user-specific information about site usage for the statistical data recording of utilization behavior.

D. Utilization of cookies

Our website utilizes cookies. Cookies are text files stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a sequence of characters enabling the browser to be clearly identified when visiting the website again. We deploy cookies to make our website more user-friendly. Some elements of our website also technically require the identification of the visiting browser after a change of page. The following data are saved and transmitted in the cookies:

  • Language settings (localization) of the browser
  • Login credentials, if the user is registered and logs in (see section G)
  • Map viewing options
  • Session data (click path, pages visited, current language, and, where relevant, error messages for forms)

The legal basis for personal data processing while utilizing cookies is Article 6 (1) lit. f GDPR. The purpose of utilizing technically necessary cookies is to simplify the utilization of websites for users. Some of our website's functions cannot be offered without the utilization of cookies. For these, it is necessary that the browser can be re-identified following a change of page.

User data gathered by technically necessary cookies are not utilized to prepare user profiles. Our justified interest in personal data processing pursuant to Article 6 (1) lit. f GDPR also lies in such purposes.

Cookies are stored on the user's computer, which transmits them to our site. For this reason, you, as the user, also have full control over the utilization of cookies. You can deactivate or restrict the transmission of cookies through changing your Internet browser settings. Cookies that have already been saved can be deleted at any time. This can also occur automatically. If cookies for our website are deactivated, you may find not all of the website's functions can continue to be utilized in full.

E. Newsletter

Registered Movebank users are subscribed to an annual newsletter. The e-mail address you used when registering is used for this subscription. We inform you about the specific processing of the data and we obtain your consent as part of the registration procedure. Reference is also made to this data-protection statement. The legal basis for the processing of data after registration for the newsletter by the user is the user's consent pursuant to Article 6 (1) lit. a GDPR. The gathering of data serves to deliver the newsletter. You can unsubscribe from the newsletter at any time.

F. Communications

When you communicate with us by e-mail or phone or through social media, we may collect information on your name, your e-mail address, your phone number, the company or organization you represent and the content of your message and our correspondence. The purpose of this data collection is to respond to your questions or to communicate with you in general. If you are registered (section G) and a Data Manager for a study on Movebank, we may contact you by e-mail or phone with Notifications related to your study. The processing is necessary to pursue our interests in communicating with our network, research data owners, and the public in general (article 6(1)(f) of the GDPR).

G. Registration

We offer users the option to register on Movebank, entailing the entry of personal data in a data entry form that collects your e-mail address and name. We inform you about the specific processing of the data and we obtain your consent as part of the registration procedure. Reference is also made to this data protection statement. We use Secure Sockets Layer (“SSL”) encryption on all web pages on which users register and log in. The legal basis for the processing of data is the user's consent pursuant to Article 6 (1) lit. a GDPR.

Registration is not required but allows us to provide additional services on our website, including the ability to

  • contact data owners
  • upload and manage research data
  • be listed as the contact person for a study in Movebank
  • allow data owners to provide you with access to non-public research data

You can modify the data saved in connection with yourself at any time. To request deletion of a user account and personal data, contact support@movebank.org (see section A3).

Data of users registered on Movebank may be used in the following ways:

  • Usernames and names of registered users are displayed on user profile pages.
  • The username and name of registered users that are listed as the Contact or PI for a study in Movebank are displayed in the Study Details and can also be accessed using Movebank’s APIs, if allowed by the study’s Permissions, which are defined by the study’s Data Managers.
  • Registered users that are Data Managers for a study in Movebank may search registered users in order to add users as a Contact, PI, Data Manager or Collaborators for that study.
  • Registered users that are listed as the Contact for a study in Movebank, or that choose to allow users to contact them from their profile page, may be contacted by other registered users. A message will be sent to the e-mail address associated with the account of the user that is the Contact, but this address is not shared with the user sending the message. The e-mail address associated with the account of the user sending the message is included in the reply-to line of the e-mail that is sent to the user that is the Contact.
  • Registered users can be granted access to non-public data through Movebank or Movebank’s APIs by registered users that are Data Managers for a study in Movebank, as described above.

The purpose of this data use is to pursue our and the public’s interests to make data discoverable and facilitate the sharing and joint management of data for beneficial use, including research and wildlife management and conservation (article 6(1)(f) of the GDPR). Beyond what is described above, Movebank does not share lists of users or contact information and does not sell user data to third parties.

H. Data transmission

The management and storage of your personal information occurs in the case of selected services:

  • Provision of the website and creation of log files (section B)
  • Newsletter (section E)
  • Communications (section F)
  • Registration (section G)

Your personal data will only be conveyed to state institutions and authorities in legally essential cases or for criminal prosecution based on attacks on our network infrastructure. We minimize dependencies on third-party service providers. Providers currently used include

  • Google Maps and Bing APIs, used in the Tracking Data Map
  • Redmine, used to manage debugging, site development, and user support
  • YouTube and Vimeo, used to share video content for user support and public outreach

The legal basis for the data transmission and use of third-party service providers is Article 6 (1) lit. f GDPR. These interactions are provided to communicate with our network, research data owners, and the public in general and do not imply endorsement of these services.

I. Rights of individuals affected

As an individual whose personal data are gathered as part of the aforementioned services, you have, in principle, the following rights, to the extent that no legal exceptions are applicable in individual cases:

  • Information (Article 15 GDPR)
  • Correction (Article 16 GDPR)
  • Deletion (Article 17 (1) GDPR)
  • Restriction of processing (Article 18 GDPR)
  • Data transmission (Article 20 GDPR)
  • Revocation of processing (Article 21 GDPR)
  • Revocation of consent (Article 7 (3) GDPR)
  • Right to complain to the regulator (Article 77 GDPR). For the MPG, this is the Bavarian Data Protection Authority (BayLDA), Postbox 606, 91511 Ansbach, Germany

Last updated March 2020.