Privacy Policy

Privacy Policy MDPI Sustainability Foundation

1 Scope

1.1 The following privacy policy applies to the use of our websites and the services offered through them. We have aligned this Privacy Policy with both the Swiss Federal Data Protection Act (“FADP”) and the EU General Data Protection Regulation (“GDPR”). The GDPR has established itself worldwide as a benchmark for strong data protection, therefore our company has set itself to implement the highest standards in data protection. As GDPR and FADP may have slight differences in the definitions used, we base the following Privacy Policy text on GDPR definitions, which have the same meaning in the FADP. Notwithstanding the above, please note that whether and to what extent the GDPR or FADP is applicable to you depends on the individual case.

1.2 This privacy policy informs you in accordance with Art. 12 ff. General Data Protection Regulation (GDPR) about the handling of your personal data when using our websites. It explains in particular which data we collect and for what purpose we use it. It also informs you about how and for what purpose this happens.

1.3 The protection of your personal data is important to us, especially with regard to safeguarding your personal rights when processing and using this information. When you visit our websites, various personal data are processed depending on the type and extent of use. Personal data (hereinafter also referred to as "data") are information relating to an identified or identifiable natural person (hereinafter "data subject"); a natural person is considered identifiable if they can be identified directly or indirectly (e.g., by assigning an online identifier). This includes information such as name, email address, address, telephone number, and date of birth.

1.4 The processing of your data can include any operation or series of operations performed on personal data, with or without the aid of automated procedures, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.5 Responsible Party

This website is made available by MDPI Sustainability Foundation, Basel, Switzerland (“MDPI Foundation” or “we”) and is the responsible party for the processing of your data.

Our contact details:

  • MDPI Sustainability Foundation
  • St. Alban-Anlage 66
  • CH-4052 Basel
  • Switzerland

  • Phone: +41 61 683 7734
  • Email: info@mdpi-foundation.org

1.6 Data Protection Officer

You can reach our Data Protection Officer at dpo@mdpi.ch or our postal address with the addition "the Data Protection Officer".

2 Automated data collection and processing by your browser

2.1 Logfiles

As with any website, our server automatically and temporarily collects data in the server logfiles, which are transmitted by the browser, unless you have disabled this function. This data is technically necessary to display our website to you and to ensure its stability and security.

Specifically, the following server logfiles are collected on the website:

  • IP address of the requesting computer
  • file request of the client
  • the http response code
  • the internet page from which you are visiting us (referrer URL)
  • the time of the server request
  • browser type and version
  • operating system used by the requesting computer
The appropriate collection also includes the storage of your IP address, which is technically necessary and can theoretically allow an assignment to your person but is never assigned to specific individuals. Your IP address is stored on our web server for IT security purposes for a maximum of 7 days.

In addition to ensuring functional website and system security, the collected data also serves the aggregated, statistical evaluation for the needs-based design and optimization of our internet offering based on our legitimate interests. A personal evaluation does not take place, and these data are not merged with other data sources. All logfiles are deleted as soon as they are no longer required for processing purposes.

3 Cookies and Other Technologies for Web Analysis

3.1 Cookies

This website uses cookies and other technologies. Cookies are small text files that contain an identification number (ID) and are stored on your computer, tablet, or smartphone (hereinafter: device) when you visit our website. If you visit our website again, your device can be recognized by this identification number. You have the option to make an appropriate setting of cookies and similar technologies using the consent banner.

3.2 Categories of Cookies and Other Technologies

Depending on the function and purpose of the data processing taking place, the technologies used on our website are divided by us into the following three categories:

  • 3.2.1 Necessary Cookies/ Required Technologies (“Function”)

    These technologies are necessary to offer you the functions of the website and to fulfill our legal obligations. The legal basis for processing your personal data is our legitimate interest (Art. 6 para. 1 lit. f GDPR) to make our website securely usable for you and to fulfill our legal obligations and are necessary, therefore.

    • 3.2.1.1 Usercentrics Consent Manager

      We use the Usercentrics service provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany ("Usercentrics") to fulfill our data protection obligations, particularly for managing and controlling automated data processing and data protection consents. This service helps us obtain legally required consents for cookies and tracking. When you visit our website, the Usercentrics script is automatically loaded. On your first visit, a window (so-called "cookie banner") will open where you can give your consent to the use of cookies generally or make customized settings. Usercentrics stores this selection and subsequently loads further cookies in line with your consent or other legal grounds. On subsequent visits, the cookie banner will no longer open, but Usercentrics will immediately load the cookies according to your selection on the first visit. You can change this selection at any time under "Cookie Settings" at the bottom area on the left side of our website (Icon: blue circle with fingerprint logo) with effect for the future. Usercentrics collects the date and time of your visit, device information, browser information, your anonymized IP address, as well as information about your selections in the privacy settings. Insofar as these data allow conclusions to be drawn about your person, Usercentrics does not use them for its own purposes and processes them exclusively in the European Union. The legal basis for using Usercentrics is Article 6 para.1 lit. c GDPR, as the use is necessary to comply with our legal obligations under data protection law, particularly the GDPR. There is also a legitimate interest in this pursuant to Article 6 para.1 lit. f GDPR as an additional legal basis. For more information about data protection at Usercentrics, please visit https://usercentrics.com/de/datenschutzerklaerung/.

3.2.2 Analyse Cookies (“Statistics”)

We use these technologies for statistical analysis purposes, to statistically record the use of our website. Statistic cookies help us improve our website and offer you content that is particularly relevant to you. The legal basis for processing your personal data is your consent given via the cookie banner. Your consent is always voluntary and is not required for the use of the website itself.

3.2.3 Marketing Cookies (“Marketing”)

We use these technologies for marketing purposes, i.e., for example, to provide you with personalized advertising. The legal basis for processing your personal data is your consent given via the cookie banner. Your consent is always voluntary and is not required for the use of the website itself.

3.2.4 Storage Period of cookies

Session cookies (hereinafter: “session cookies”) are deleted after closing the browser. We also use persistent (“permanent”) cookies. Details on the storage duration can be found in the following sections and our consent banner.

4 Data collection and processing of data you have provided us

4.1 General Contact

If you provide us with personal data via email, telephone, or through our website (name, first name, email address, address), this is generally done on a voluntary basis. This data is processed based on your consent or to fulfil your requests. Further use, especially the transfer of data to third parties for advertising, market or opinion research purposes, does not occur. We delete the data collected in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations. The legal basis is Art. 6 para. 1 lit. a GDPR.

4.2 Nomination Process

If you nominate a third party for an award through the provided form [https://mdpi-foundation.org/award/apply-now], we will store and process the information you enter and upload (Your name (required); Your Email (required); Nomination Form and Supporting Documents (e.g. Nomination Form)) for the purpose of the award. In the case of third-party nominations, we will notify the nominee via email that their personal data has been received by our organization as part of a nomination process. This personal data will be shared with committee members, including those who may be located in third countries. We use the contact details to further communicate with the nominee and inform them about the outcome of the award. Additionally, in the event of successful participation in the award, an invitation to the award ceremony may be sent.
We delete the data collected in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations. The legal basis is Art. 6 para. 1 lit. a GDPR.

5 Disclosure to third parties

5.1 We pass on at least some of your data that we collect in accordance with the aforementioned paragraphs to processors. These process your data only on our instructions and not for their own purposes (Art. 28, 19, GDPR). These are companies that can be assigned to the following categories:

  • (i) Third party tools, websites, and providers of tools or services engaged by MDPI to support submission checks and processing, peer-review, the editorial process, integrity investigations and/or scientific communication
  • (ii) Third party online databases, or platforms or indexing & abstracting services to share article data as published on mdpi.com
  • (iii) Affiliates of MDPI to fulfill MDPI’s services and contractual obligations

5.2 If you are associated with a university, institution, or society that has entered into an agreement with MDPI, your personal data like name and email address may be disclosed or shared in accordance with the terms and purposes stipulated in that agreement.

5.3 If we transfer data to recipients in a third country (located outside the European Economic Area, “EEA”), we will only do so if there is an adequate data protection level in accordance with Art. 44 - 50 GDPR. Some third countries are certified by the European Commission through so-called adequacy decisions as having a data protection standard that is comparable to the level in the European Economic Area. You can find a list of these countries at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. If a country does not have a comparable data protection standard, we ensure that data protection is sufficiently guaranteed by other measures. This is possible, for example, through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct. Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organisations, unless expressly stated otherwise in this privacy policy.

6 Duration of storage

6.1 Unless otherwise stated, we initially process and store your personal data for the duration for which the respective purpose of use requires storage. If applicable, this also includes the periods of the initiation of a contract and the processing of a contract. On this basis, personal data is regularly deleted within the period required for the fulfilment of our contractual and/or legal obligations, unless its further processing for a limited period is necessary for the following purposes:

  • (i) Fulfilment of legal storage obligations (in particular due to commercial or tax law)
  • (ii) Preservation of evidence, taking into account the statute of limitations.

7 Your Rights

Under the legal conditions, you have the following rights as a data subject:

7.1 Right to access

You can request information from us about whether we process data about you. If this is the case, you have the right to receive information about this data.

7.2 Right to Rectification

If the data stored with us is incorrect or incomplete, you can request the correction and, if necessary, completion of this data.

7.3 Right to Deletion and Restriction of Processing

If the legal conditions are met, you can request the deletion or "blocking" of your data.

7.4 Right to Data Portability

For data processed automatically that we have received from you based on your consent or a contract, you can assert the right to data portability. We will then send you your data in a machine-readable format. If you wish and it is technically possible, we will transfer this data to a third party. All previously mentioned rights may be restricted or excluded by law in certain cases.

7.5 Right not to be Subject to Automated Decision-Making

You must not be subjected to a decision based solely on automated processing - including profiling - that has legal effects on you or similarly significantly affects you.

7.6 Withdrawal of Consent

If you have given us consent to process personal data for specific purposes, the lawfulness of the processing based on your consent is given. A granted consent can be withdrawn. You can direct the withdrawal to data-protection@mdpi.ch. Please note that your withdrawal only takes effect for the future. Processing that occurred before the withdrawal is not affected.

7.7 Objection to Processing Based on Legitimate Interest

We collect and process your personal data also to protect our legitimate interests or the legitimate interests of third parties, provided the data processing is necessary to protect these legitimate interests. In these cases, you have the right to object to the processing for the future. You can send this to data-protection@mdpi.ch.

7.8 Right to complain with a Supervisory Authority

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

7.9 Other Concerns

For further questions and concerns regarding data protection, we are at your disposal. Corresponding inquiries and the exercise of your aforementioned rights should, if possible, be sent in writing to our above-mentioned address or by email to data-protection@mdpi.ch.

8 Actuality of the Statement

We regularly review our privacy policy and adjust it as necessary to ensure that the information contained is current and factually accurate.

This privacy policy is currently valid and is as of 10.04.2025.