Privacy Policy

Last updated: 23 April 2026

1. Scope

The privacy policy applies to websites and services offered through them. It aligns with both the Swiss Federal Data Protection Act (FADP) and EU General Data Protection Regulation (GDPR). The organization implements highest data protection standards, basing the policy on GDPR definitions which have equivalent meaning under FADP. Applicability depends on individual circumstances.

This policy informs users per GDPR Articles 12 onwards about personal data handling on the websites. It explains what data is collected, purposes, and processing methods.

Personal data protection is prioritized, particularly regarding personal rights during processing. Various personal data are processed depending on usage type and extent. Personal data refers to information relating to identified or identifiable natural persons, including name, email, address, telephone, and date of birth. An identifiable person can be identified directly or indirectly through online identifiers.

Data processing includes any operation on personal data with or without automated procedures: collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure through transmission, dissemination, alignment, combination, restriction, erasure, or destruction.

Responsible Party

The website is made available by MDPI Sustainability Foundation, Basel, Switzerland, which is the responsible party for data processing.

Contact Details:
MDPI Sustainability Foundation
St. Alban-Anlage 66
CH-4052 Basel
Switzerland
Phone: +41 61 683 7734
Email: info@mdpi-foundation.org

Data Protection Officer

The Data Protection Officer can be reached at dpo@mdpi.ch or via postal address with the addition "the Data Protection Officer".

2. Automated Data Collection and Processing by Your Browser

Logfiles

The server automatically collects data in logfiles transmitted by browsers unless disabled. This data is technically necessary to display the website and ensure stability and security.

Collected Server Logfile Data:

IP address of the requesting computer
File request of the client
HTTP response code
Internet page from which you are visiting (referrer URL)
Time of the server request
Browser type and version
Operating system used by the requesting computer

The IP address is stored for IT security purposes for a maximum of 7 days. While technically allowing potential person assignment, it is never assigned to specific individuals. Collected data serves aggregated, statistical evaluation for needs-based design and optimization of the internet offering based on legitimate interests. No personal evaluation occurs, and data is not merged with other sources. All logfiles are deleted when no longer required.

3. Cookies and Other Technologies for Web Analysis

Cookies

The website uses cookies and other technologies. Cookies are small text files containing identification numbers (ID) stored on your device when visiting. Upon return visits, your device is recognized by this ID. Cookie and similar technology settings can be adjusted using the consent banner.

Categories of Cookies and Other Technologies

Technologies are divided into three categories based on function and purpose:

Necessary Cookies / Required Technologies ("Function")

These technologies are necessary to offer website functions and fulfill legal obligations. The legal basis is legitimate interest per Article 6(1)(f) GDPR to make the website securely usable and fulfill legal obligations.

Usercentrics Consent Manager

The Usercentrics service from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany manages and controls automated data processing and data protection consents. The Usercentrics script automatically loads on website visits. On first visit, a consent window ("cookie banner") opens for cookie use consent or customized settings. Usercentrics stores selections and loads further cookies per consent or legal grounds. On subsequent visits, the banner doesn't reopen but immediately loads cookies per first-visit selections. Settings can be changed anytime under "Cookie Settings" at the bottom left using a blue circle with fingerprint logo, effective for the future.

Usercentrics collects visit date and time, device information, browser information, anonymized IP address, and privacy setting selections. If data allows personal conclusions, Usercentrics doesn't use it for own purposes and processes exclusively within the European Union. The legal basis is Article 6(1)(c) GDPR (compliance with data protection legal obligations, particularly GDPR), with Article 6(1)(f) GDPR as additional legitimate interest basis. For more information: https://usercentrics.com/de/datenschutzerklaerung/

Analysis Cookies ("Statistics")

These technologies statistically record website usage. Statistic cookies improve the website and offer particularly relevant content. The legal basis is consent via the cookie banner. Consent is voluntary and not required for website use.

Marketing Cookies ("Marketing")

These technologies serve marketing purposes, including personalized advertising. The legal basis is consent via the cookie banner. Consent is voluntary and not required for website use.

Storage Period of Cookies

Session cookies are deleted after closing the browser. Persistent ("permanent") cookies are also used. Storage duration details appear in subsequent sections and the consent banner.

4. Data Collection and Processing of Data You Have Provided

General Contact

Personal data provided via email, telephone, or website (name, first name, email, address) is generally voluntary. Data is processed based on consent or to fulfill requests. Further use, especially transfer to third parties for advertising, market, or opinion research, doesn't occur. Data collected is deleted when storage is no longer necessary or processing is restricted if legal retention obligations exist. The legal basis is Article 6(1)(a) GDPR.

Nomination Process

When nominating third parties for awards through the provided form (https://mdpi-foundation.org/award/apply-now), entered and uploaded information is stored and processed for award purposes. For third-party nominations, nominees are notified via email that their personal data was received as part of a nomination process. Personal data is shared with committee members, including those potentially in third countries. Contact details are used for further nominee communication and award outcome notification. Successful participation may result in award ceremony invitations. Data is deleted when storage is no longer necessary or processing is restricted if legal retention obligations exist. The legal basis is Article 6(1)(a) GDPR.

5. Disclosure to Third Parties

At least some collected data is passed to processors who process data only per instructions, not for their own purposes per GDPR Articles 28 and 19. These include companies in the following categories:

Third-party tools, websites, and service providers engaged by MDPI supporting submission checks, processing, peer-review, editorial processes, integrity investigations, and/or scientific communication
Third-party online databases, platforms, or indexing and abstracting services sharing article data published on mdpi.com
MDPI affiliates fulfilling MDPI's services and contractual obligations

If associated with a university, institution, or society having an agreement with MDPI, personal data like name and email may be disclosed per that agreement's terms and purposes.

Data transfers to third-country recipients (outside the European Economic Area, "EEA") only occur with adequate data protection per GDPR Articles 44-50. Some third countries have European Commission adequacy decisions with comparable data protection standards. A list appears at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. Countries without comparable standards receive data protection guarantees through binding corporate rules, standard contractual clauses, certificates, or recognized codes of conduct. Personal data isn't otherwise transferred outside the EU/EEA or to international organizations unless expressly stated.

6. Duration of Storage

Unless otherwise stated, personal data is initially processed and stored for the duration the respective use purpose requires. This includes contract initiation and processing periods. Data is regularly deleted within the period required for contractual and/or legal obligation fulfillment, unless further limited-period processing is necessary for:

Fulfillment of legal storage obligations (particularly commercial or tax law)
Preservation of evidence considering statute of limitations

7. Your Rights

Under legal conditions, data subjects have the following rights:

Right to Access

You can request information about whether data is processed about you. If so, you have the right to receive that information.

Right to Rectification

If stored data is incorrect or incomplete, you can request correction and, if necessary, completion.

Right to Deletion and Restriction of Processing

If legal conditions are met, you can request data deletion or "blocking".

Right to Data Portability

For data automatically processed that was received based on consent or contract, you can assert the right to data portability. Data will be sent in machine-readable format. If requested and technically possible, data will be transferred to a third party. All aforementioned rights may be restricted or excluded by law in certain cases.

Right Not to Be Subject to Automated Decision-Making

You must not be subjected to decisions based solely on automated processing—including profiling—with legal effects or similar significant impact.

Withdrawal of Consent

If consent was given for specific personal data processing purposes, the processing is lawful based on that consent. Granted consent can be withdrawn by directing withdrawal to data-protection@mdpi.ch. Note that withdrawal only takes effect for the future; prior processing is unaffected.

Objection to Processing Based on Legitimate Interest

Personal data is collected and processed to protect legitimate interests of the organization or third parties when necessary. In these cases, you have the right to object to future processing by sending notification to data-protection@mdpi.ch.

Right to Complain with a Supervisory Authority

You have the right to complain to a data protection supervisory authority about personal data processing.

Other Concerns

For further data protection questions and concerns, the organization is available. Inquiries and rights exercise should preferably be sent in writing to the organization's address or by email to data-protection@mdpi.ch.

8. Actuality of the Statement

The privacy policy is regularly reviewed and adjusted to ensure current and factually accurate information.

This privacy policy is currently valid and is as of 23.04.2026.