MDPI Privacy Policy

Scope

This website is made available by MDPI AG, St. Alban-Anlage 66, 4052 Basel, Switzerland (“MDPI”) as the controller within the meaning of Art. 4 of the GDPR. MDPI is an open access publisher and provides platforms for open scientific exchange. The following privacy policy applies to the use of the website www.mdpi.com and the services offered via it including, but not limited to, Sciforum, Preprints, Scilit, Encylcopedia, WSForum and MDPI’s Submission System, “SuSy” and MDPI Books. In the event of any data protection related inquiry, you can contact us at [email protected] or you can reach our data protection officer Mr. Simon Brandmeier at [email protected].

This privacy policy informs you in accordance with Art. 12 ff. GDPR about how we handle your personal data when you use our website. In particular, it explains which data we collect and what we use it for. It also informs you about how and for what purpose this is done.

The protection of your personal data is important to us, especially with regard to safeguarding your personal rights when processing and using this information. When you use this website, various personal data are processed depending on the type and scope of use. Personal data is information that relates to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified directly or indirectly (e.g. by means of association with an online identifier). This includes information such as the name, address, email, telephone number and date of birth.

Automated data collection and processing by the browser

As with any website, our server automatically and temporarily collects information in the server log files that are transmitted by the browser while you are browsing through our website. Depending on the settings of your browser the following data are collected:

• IP address of the requesting computer
• the Internet page from which you visit us (referrer URL),
• Date, time and duration of the server session
• Browser type and version
• Type of end device and operating system used by the requesting computer

The storage of server log files is necessary for technical reasons to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable an assignment to your person. In addition to the above-mentioned purposes, we use server log files solely for the purpose of designing and optimizing our website in line with demand, purely for statistical purposes and without any reference to your person. A personal evaluation of the server log files does not take place. This data is not merged with other data sources. The access data collected in connection with the use of our website is only stored for the period of time for which this data is required to achieve the aforementioned purposes. Your IP address is stored on our web server for a maximum of two years for IT security purposes. For data stored through cookies, please see section 3 below.

If you visit our website to find out about or use our range of products and services, the basis for the temporary storage and processing of the server log files is Art. 6 para. 1 lit. b GDPR (legal basis), which permits the processing of data for the fulfilment of a contract or for the execution of pre-contractual measures. In addition, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest in this regard is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.

Cookies and tracking tools used on our website

This website uses cookies and other tracking technologies. Cookies are small text files that contain an identification number. Cookies are stored on your computer, tablet or smartphone (“device”) when you call up our website. If you call up our website again, your device can be recognised on the basis of this identification number.

When you visit our website for the first time you will be asked whether you wish to give your consent, that cookies that collect personal data may be set. You can give your consent for all cookies (button “Allow all”), select the cookie categories (Preferences, Statistics, Marketing) you want to accept and select the “Allow selection” button or by clicking on the “Show details” button to make more user-defined settings. There you can decide by activating or by setting a check mark whether you give your consent for certain services or for certain categories of services or refuse consent for certain services. Consent is voluntary and you can revoke it at any time by clicking on the Cookiebot icon in the left corner at the bottom of our website (so-called footer) with effect for the future.

Cookies

Categories of cookies

Depending on the function and purpose of the data processing taking place, we categorise the cookies used on our website into the following three categories:

Necessary

These cookies are necessary to provide you with website functions and to fulfil our legal obligations. The legal basis for the processing of your personal data is our legitimate interest (Art. 6 para. 1 lit. f GDPR) to make our website usable for you and to fulfil our legal obligations (Art. 6 para. 1 lit. c GDPR).

Statistics

We use these cookies for statistical analysis purposes to statistically record the use of our website. Statistics cookies help us to improve our website and to offer you content that is of particular relevance to you. The legal basis for the processing of your personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you can give via our cook-ie banner. Your consent is always voluntary and is not required for the use of the website itself.

Marketing

We use these cookies for marketing purposes, for example to provide you with a better personal experience on our websites. The legal basis for the processing of your personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you can give via our cookie banner. Your consent is always voluntary and is not required for the use of the web-site itself.

Storage period of cookies

Session cookies are deleted after closing the browser. We also use persistent (“permanent”) cookies. Details on the storage period can be found in the cookie management tool.

Individual cookies

For details regarding the individual cookies used, please refer to the “show details” section of our cookie tool. You can find it at any time by clicking on the Cookiebot icon on the left side at the bottom of our website.

Data collection and processing of voluntarily provided data

Contact form or general contact

If you send us enquiries via the contact form or via one of the specified contact options, your message including the contact data you provide there will be stored and processed accordingly for the purpose of processing and answering the enquiry and in the event of follow-up questions. We do not pass this data on to third parties unless this is necessary within the scope of processing and answering your contact enquiry or you have given us your corresponding consent.

If you contact us in the context of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and answering your contact enquiry in accordance with Art. 6 para. 1 lit. b GDPR (legal basis), and otherwise to safeguard our legitimate interests in accordance with Art. 6 para. 1. Lit. f GDPR for the proper answering of contact enquiries.

The data you enter in the contact form will remain with us until the purpose for storing/processing the data no longer applies and mandatory retention periods (in particular any retention obligations under commercial or tax law) have been fulfilled.

User Accounts

To make use of personalized services, you will have to register a user account with our websites. During registration we will ask you to provide some personal information, including, but not limited to, your name, valid e-mail address, affiliation, postal address, phone number, password, academic degree, position within your institution or organisation, and your research interests. Also, your IP address will be stored as part of your registration and each time you log into our services. Some of this information is required to properly set up the user account for you to use all of MDPI’s services. MDPI may use this information to fulfil our contract with you (e.g. the publication of your article). Furthermore, MDPI may also use this information internally, e.g., to evaluate and improve our business, respond to any questions, requests or comments you make, or to identify and prevent fraud, claims or other liabilities.

Newsletters

With your consent, you can subscribe to the newsletters we offer as part of our services (e.g. regarding journals or other offerings).

For the subscription to our newsletters, we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. Only your e-mail address is required for sending the newsletter. The provision of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store the data you have provided for the purpose of sending you the newsletter (legal basis is Art. 6 para. 1 lit. a GDPR).

You can withdraw your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the withdrawal by clicking on the link provided in every newsletter email.

Disclosure to third parties

We pass on at least some of your data that we collect in accordance with the aforementioned paragraphs to processors. These process your data only on our instructions and not for their own purposes (Art. 28, 19, GDPR). These are companies that can be assigned to the following categories:

- Third party online databases, or platforms or indexing & abstracting services to share article data as published on mdpi.com

If we transfer data to recipients in a third country (located outside the European Economic Area, “EEA”), you will learn about this from the information on the recipients/categories of recipients and the underlying legal basis in accordance with Article 46 (2) of the Data Protection Regulation as part of the description of the respective data processing. Some third countries are certified by the European Commission through so-called adequacy decisions as having a data protection standard that is comparable to the level in the European Economic Area. You can find a list of these countries at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. If a country does not have a comparable data protection standard, we ensure that data protection is sufficiently guaranteed by other measures. This is possible, for example, through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct. Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organisations, unless expressly stated otherwise in this privacy policy.

Duration of storage

Unless otherwise stated, we initially process and store your personal data for the duration for which the respective purpose of use requires storage. If applicable, this also includes the periods of the initiation of a contract and the processing of a contract. On this basis, personal data is regularly deleted within the period required for the fulfilment of our contractual and/or legal obligations, unless its further processing for a limited period is necessary for the following purposes:

• Fulfilment of legal storage obligations (in particular due to commercial or tax law)
• Preservation of evidence, considering the statute of limitations.

Your rights

You have the following rights in relation to personal data relating to you:

• Right to access,
• Right to rectification or erasure,
• Right to restriction of processing,
• Right to object to processing,
• Right to data portability.

Please send your written request to MDPI AG, St. Alban-Anlage 66, 4052 Basel, Switzerland or to the e-mail address: [email protected].

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.