Privacy Policy – CESifo GmbH

Information to be provided pursuant to Art. 12, 13 et seq. GDPR

1. Name and Address of Controller

CESifo GmbH (Münchener Gesellschaft zur Förderung der Wirtschaftswissenschaft)
Poschingerstr. 5, 81679 Munich, Germany

(hereinafter “we”, “us”, “our” or “CESifo”).

2. Name and Address of Data Protection Officer

We are advised by:

Legaltech GmbH
Augustaanlage 32, 68165 Mannheim, Germany
https://www.schutz-von-daten.de/

Please contact our Data Protection Officer, Dr. Thomas Wirth:

Email: privacy@cesifo.de
Phone: +49 621 43179339

3. General Information on Data Processing

3a. Scope of Processing

We process personal data only as necessary to provide our services. Processing is generally based on your consent unless another legal permission applies.

3b. Legal Bases

• Art. 6(1)(a) GDPR – consent
• Art. 6(1)(b) GDPR – contract / pre-contractual measures
• Art. 6(1)(c) GDPR – legal obligation
• Art. 6(1)(e) GDPR – task in the public interest
• Art. 6(1)(f) GDPR – legitimate interests

3c. Deletion and Storage Period

Data are deleted or blocked when the processing purpose ceases. Longer storage may occur due to EU or national legal obligations; upon expiry of statutory periods, data are deleted unless required for contract initiation or performance.

3d. Converia (Event Registration)

We use Converia (Lombego Systems GmbH) for event registrations. If you register via our links, your data (e.g., name, contact details, event-specific info) are transmitted directly to Converia and processed solely for organizing and conducting the event, under our instructions and applicable data protection law. Privacy policy: https://www.converia.de/de/datenschutz.html.

3e. Oxford Abstracts (Event Management)

We also use Oxford Abstracts (Oxford Abstracts Limited) for certain events. Your data are transmitted directly to Oxford Abstracts and processed on our behalf for organization and execution of the respective event. Privacy policy: https://oxfordabstracts.com/privacy-policy/.

4. Website Provision and Creation of Log Files

4a. Legal Basis

Art. 6(1)(f) GDPR (legitimate interests).

4b. Purpose

Temporary storage enables delivery of the website; log files ensure functionality, optimization and IT security. No marketing analysis.

4c. Storage Period

Session data: until session end. Log files: deleted after at most 14 days (or anonymized/masked thereafter).

4d. Objection

Collection for provision and security is essential; no right to object.

5. Use of Cookies

5a. Legal Basis

Technically necessary cookies: Art. 6(1)(f) GDPR. Non-essential cookies: Art. 6(1)(a) GDPR (consent).

5b. Purpose

Necessary cookies enable core functions; non-essential cookies improve usability and allow statistical analysis (only with consent via the cookie banner).

5c. Storage Period

Data are deleted when no longer required; lifetimes per cookie below.

5d. Objection / Removal

Manage cookies in your browser settings; deleting or blocking may limit functionality.

Show privacy settings

5e. List of Cookies Used

6. Newsletter

6a. Legal Basis

Art. 6(1)(a) GDPR (consent) or § 7(3) UWG in conjunction with Art. 6(1)(f) GDPR.

6b. Purpose

Distribution of newsletters.

6c. Storage Period

For the duration of an active subscription.

6d. Objection / Removal

Unsubscribe anytime via the link in each newsletter (withdraws consent).

7. Registration

7a. Legal Basis

Art. 6(1)(b) GDPR.

7b. Purpose

Facilitates contract conclusion / pre-contractual steps.

7c. Storage Period

Deleted when no longer needed; storage may continue to meet contractual / legal duties.

7d. Objection / Removal

Cancellation or modification is possible; early deletion may be limited by contractual/legal obligations.

8. Contact Form and Contact by Email

8a. Legal Basis

Art. 6(1)(f) GDPR; additionally Art. 6(1)(b) GDPR if aimed at a contract.

8b. Purpose

Handling the inquiry only.

8c. Storage Period

Until the conversation is evidently concluded.

8d. Objection / Removal

Future processing can be objected to; conversation then cannot continue; stored data are deleted.

9. Web Tracking and Web Analysis by Matomo

9a. Legal Basis

Art. 6(1)(f) GDPR.

9b. Purpose

Usage analysis to improve website and usability; IP addresses are anonymized.

9c. Storage Period

14 days.

9d. Objection / Removal

Control via browser settings. More info: https://matomo.org/docs/privacy/

10. Direct Marketing

10a. Legal Basis

Art. 6(1)(f) GDPR.

10b. Purpose

Promotion of goods/services.

10c. Storage Period

Until objection is received.

10d. Objection / Removal

You may object at any time with future effect.

11. Social Media

We use links (no auto-tracking) to the following networks; data flow starts only after you click.

11a. X (formerly Twitter)

Provider: X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; for non-US users: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
Privacy Policy: https://twitter.com/en/privacy
Account settings: https://twitter.com/account/settings
EU–US DPF list: https://www.dataprivacyframework.gov/list
Legal basis: Art. 6(1)(a) GDPR; § 25(1) TDDDG (consent).

11b. YouTube

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; data may be transferred to YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
Privacy Policy: https://policies.google.com/privacy?hl=en
EU–US DPF list: https://www.dataprivacyframework.gov/list
Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR; § 25(1) TDDDG where applicable (consent).

11c. XING

Provider: New Work SE, Strandkai 1, 20457 Hamburg, Germany.
Privacy Policy: https://privacy.xing.com/en/privacy-policy

11d. LinkedIn

Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Privacy Policy: Privacy Policy · SCC/DPA: https://legal.linkedin.com/dpa · Opt-out: Retargeting Opt-out
EU–US DPF list: https://www.dataprivacyframework.gov/list

11e. Bluesky

Provider: Bluesky Social, PBC. Privacy Policy (incl. “Your Privacy Choices and Rights”): https://bsky.social/about/support/privacy-policy#privacy-choices (as of April 30, 2025).
Note: Not certified under the EU–US DPF; potential risk of access by US authorities without adequate legal remedies. Legal basis: Art. 6(1)(a) GDPR; § 25(1) TDDDG (consent).

11f. TV1.eu

Provider: TV1 GmbH, Beta-Str. 9a, 85774 Unterföhring, Germany.
Privacy Policy: https://tv1.eu/en/data-protection/
Legal basis: Art. 6(1)(a) GDPR; § 25(1) TDDDG (consent).

11g. Slido

Provider: Slido s.r.o. (Cisco Systems, Inc.). Terms/Privacy: https://www.sli.do/terms.
EU–US DPF list (Cisco): https://www.dataprivacyframework.gov/list.
Legal basis: Art. 6(1)(a) GDPR; § 25(1) TDDDG (consent).

11h. Legal Basis and Purpose for Links

Art. 6(1)(f) GDPR to increase awareness of CESifo; if cookies/device access apply, we obtain consent per Art. 6(1)(a) GDPR; § 25(1) TDDDG.

11i. Objection

If you do not want providers to associate your visit, log out of your respective accounts before clicking.

12. Legal Defence and Enforcement of Rights

12a. Legal Basis

Art. 6(1)(f) GDPR.

12b. Purpose

Defence against unfounded claims; enforcement of rights.

12c. Storage Period

Until no longer required for those purposes.

12d. Objection

Processing is essential for legal defence/enforcement; no right to object.

13. Categories of Recipients

• Banks
• Scan services
• Print shops
• Letter shops
• IT service providers
• Lawyers and courts

14. Rights of the Data Subject

Includes rights of access, rectification, restriction, deletion, notification, data portability, objection (incl. direct marketing), withdrawal of consent, and to lodge a complaint with a supervisory authority.

Supervisory Authority (competent for us):
Bayerisches Landesamt für Datenschutzaufsicht, Postfach 606, 91511 Ansbach, Germany

For any request, please contact our DPO at privacy@cesifo.de.

Date of last update: September 2, 2025