Privacy Policy – CESifo GmbH
Information to be provided pursuant to Art. 12, 13 et seq. GDPR
Contents 1. Name and Address of Controller 2. Name and Address of Data Protection Officer 3. General Information on Data Processing 4. Website Provision and Log Files 5. Use of Cookies 6. Newsletter 7. Registration 8. Contact Form and Email 9. Web Tracking (Matomo) 10. Direct Marketing 11. Social Media 12. Legal Defence and Enforcement of Rights 13. Categories of Recipients 14. Rights of the Data Subject Date of last update
1. Name and Address of Controller
CESifo GmbH (Münchener Gesellschaft zur Förderung der Wirtschaftswissenschaft)
Poschingerstr. 5, 81679 Munich, Germany
(hereinafter “we”, “us”, “our” or “CESifo”).
2. Name and Address of Data Protection Officer
We are advised by:
Legaltech GmbH
Augustaanlage 32, 68165 Mannheim, Germany
https://www.schutz-von-daten.de/
Please contact our Data Protection Officer, Dr. Thomas Wirth:
Email: privacy@cesifo.de
Phone: +49 621 43179339
3. General Information on Data Processing
3a. Scope of Processing
We process personal data only as necessary to provide our services. Processing is generally based on your consent unless another legal permission applies.
3b. Legal Bases
- Art. 6(1)(a) GDPR – consent
- Art. 6(1)(b) GDPR – contract / pre-contractual measures
- Art. 6(1)(c) GDPR – legal obligation
- Art. 6(1)(e) GDPR – task in the public interest
- Art. 6(1)(f) GDPR – legitimate interests
3c. Deletion and Storage Period
Data are deleted or blocked when the processing purpose ceases. Longer storage may occur due to EU or national legal obligations; upon expiry of statutory periods, data are deleted unless required for contract initiation or performance.
3d. Converia (Event Registration)
We use Converia (Lombego Systems GmbH) for event registrations. If you register via our links, your data (e.g., name, contact details, event-specific info) are transmitted directly to Converia and processed solely for organizing and conducting the event, under our instructions and applicable data protection law. Privacy policy: https://www.converia.de/de/datenschutz.html.
3e. Oxford Abstracts (Event Management)
We also use Oxford Abstracts (Oxford Abstracts Limited) for certain events. Your data are transmitted directly to Oxford Abstracts and processed on our behalf for organization and execution of the respective event. Privacy policy: https://oxfordabstracts.com/privacy-policy/.
4. Website Provision and Creation of Log Files
4a. Legal Basis
Art. 6(1)(f) GDPR (legitimate interests).
4b. Purpose
Temporary storage enables delivery of the website; log files ensure functionality, optimization and IT security. No marketing analysis.
4c. Storage Period
Session data: until session end. Log files: deleted after at most 14 days (or anonymized/masked thereafter).
4d. Objection
Collection for provision and security is essential; no right to object.
5. Use of Cookies
5a. Legal Basis
Technically necessary cookies: Art. 6(1)(f) GDPR. Non-essential cookies: Art. 6(1)(a) GDPR (consent).
5b. Purpose
Necessary cookies enable core functions; non-essential cookies improve usability and allow statistical analysis (only with consent via the cookie banner).
5c. Storage Period
Data are deleted when no longer required; lifetimes per cookie below.
5d. Objection / Removal
Manage cookies in your browser settings; deleting or blocking may limit functionality.
5e. List of Cookies Used
Cookie | Purpose | Duration |
---|---|---|
Cookie accepted (ifoclCy46qXZu) | Technically required to store consent choice | 365 days |
Session Cookie (logged-in users only) | Technically required: enables user-scoped actions/rights | 4 weeks or session end |
youtube.com | Third-party cookies (click-to-play only) | per provider |
tv1.com | Third-party cookies (click-to-play only) | per provider |
matomo.org | Third-party cookies (click-to-play only) | per provider |
6. Newsletter
6a. Legal Basis
Art. 6(1)(a) GDPR (consent) or § 7(3) UWG in conjunction with Art. 6(1)(f) GDPR.
6b. Purpose
Distribution of newsletters.
6c. Storage Period
For the duration of an active subscription.
6d. Objection / Removal
Unsubscribe anytime via the link in each newsletter (withdraws consent).
7. Registration
7a. Legal Basis
Art. 6(1)(b) GDPR.
7b. Purpose
Facilitates contract conclusion / pre-contractual steps.
7c. Storage Period
Deleted when no longer needed; storage may continue to meet contractual / legal duties.
7d. Objection / Removal
Cancellation or modification is possible; early deletion may be limited by contractual/legal obligations.
8. Contact Form and Contact by Email
8a. Legal Basis
Art. 6(1)(f) GDPR; additionally Art. 6(1)(b) GDPR if aimed at a contract.
8b. Purpose
Handling the inquiry only.
8c. Storage Period
Until the conversation is evidently concluded.
8d. Objection / Removal
Future processing can be objected to; conversation then cannot continue; stored data are deleted.
9. Web Tracking and Web Analysis by Matomo
9a. Legal Basis
Art. 6(1)(f) GDPR.
9b. Purpose
Usage analysis to improve website and usability; IP addresses are anonymized.
9c. Storage Period
14 days.
9d. Objection / Removal
Control via browser settings. More info: https://matomo.org/docs/privacy/
10. Direct Marketing
10a. Legal Basis
Art. 6(1)(f) GDPR.
10b. Purpose
Promotion of goods/services.
10c. Storage Period
Until objection is received.
10d. Objection / Removal
You may object at any time with future effect.
11. Social Media
We use links (no auto-tracking) to the following networks; data flow starts only after you click.
11a. X (formerly Twitter)
Provider: X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; for non-US users: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
Privacy Policy: https://twitter.com/en/privacy
Account settings: https://twitter.com/account/settings
EU–US DPF list: https://www.dataprivacyframework.gov/list
Legal basis: Art. 6(1)(a) GDPR; § 25(1) TDDDG (consent).
11b. YouTube
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; data may be transferred to YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
Privacy Policy: https://policies.google.com/privacy?hl=en
EU–US DPF list: https://www.dataprivacyframework.gov/list
Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR; § 25(1) TDDDG where applicable (consent).
11c. XING
Provider: New Work SE, Strandkai 1, 20457 Hamburg, Germany.
Privacy Policy: https://privacy.xing.com/en/privacy-policy
11d. LinkedIn
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Privacy Policy: Privacy Policy · SCC/DPA: https://legal.linkedin.com/dpa · Opt-out: Retargeting Opt-out
EU–US DPF list: https://www.dataprivacyframework.gov/list
11e. Bluesky
Provider: Bluesky Social, PBC. Privacy Policy (incl. “Your Privacy Choices and Rights”): https://bsky.social/about/support/privacy-policy#privacy-choices (as of April 30, 2025).
Note: Not certified under the EU–US DPF; potential risk of access by US authorities without adequate legal remedies. Legal basis: Art. 6(1)(a) GDPR; § 25(1) TDDDG (consent).
11f. TV1.eu
Provider: TV1 GmbH, Beta-Str. 9a, 85774 Unterföhring, Germany.
Privacy Policy: https://tv1.eu/en/data-protection/
Legal basis: Art. 6(1)(a) GDPR; § 25(1) TDDDG (consent).
11g. Slido
Provider: Slido s.r.o. (Cisco Systems, Inc.). Terms/Privacy: https://www.sli.do/terms.
EU–US DPF list (Cisco): https://www.dataprivacyframework.gov/list.
Legal basis: Art. 6(1)(a) GDPR; § 25(1) TDDDG (consent).
11h. Legal Basis and Purpose for Links
Art. 6(1)(f) GDPR to increase awareness of CESifo; if cookies/device access apply, we obtain consent per Art. 6(1)(a) GDPR; § 25(1) TDDDG.
11i. Objection
If you do not want providers to associate your visit, log out of your respective accounts before clicking.
12. Legal Defence and Enforcement of Rights
12a. Legal Basis
Art. 6(1)(f) GDPR.
12b. Purpose
Defence against unfounded claims; enforcement of rights.
12c. Storage Period
Until no longer required for those purposes.
12d. Objection
Processing is essential for legal defence/enforcement; no right to object.
13. Categories of Recipients
- Banks
- Scan services
- Print shops
- Letter shops
- IT service providers
- Lawyers and courts
14. Rights of the Data Subject
Includes rights of access, rectification, restriction, deletion, notification, data portability, objection (incl. direct marketing), withdrawal of consent, and to lodge a complaint with a supervisory authority.
Supervisory Authority (competent for us):
Bayerisches Landesamt für Datenschutzaufsicht, Postfach 606, 91511 Ansbach, Germany
For any request, please contact our DPO at privacy@cesifo.de.
Date of last update: September 2, 2025