Data controller and contact

The editorial office acts as the data controller for journal operations. Contact details are listed on the journal website. When we use third-party services (e.g., email service providers, analytics, payment processors where APCs apply), those vendors act as processors on our behalf under appropriate agreements.

Information we collect

We do not intentionally collect special categories of personal data (e.g., health, race, religion) outside of research manuscripts; authors must de-identify materials and obtain consent for any personal data contained within submissions, especially images and case details.

Legal bases for processing

Where local law (e.g., GDPR) requires a legal basis, we rely on:

• Contract: To administer accounts and publishing workflows, including peer review and production.
• Legitimate interests: To maintain site security, prevent fraud/abuse, understand readership, and preserve the scholarly record—balanced against your rights and expectations.
• Consent: For optional communications (alerts, announcements) and where you choose to link an ORCID or provide profile data beyond what is necessary.
• Legal obligations: To comply with applicable laws, court orders, and regulatory requirements (e.g., tax/audit for APCs if applicable).

How we use your information

• To create and manage user accounts, authenticate sessions, and personalize your experience.
• To manage submissions, peer review, editorial decisions, production, and publication.
• To communicate about submissions, reviews, decisions, updates, and policy changes.
• To generate aggregated, anonymized statistics about usage and readership.
• To protect the integrity of the publication process and investigate suspected misconduct.
• To comply with indexing and preservation requirements, including exposing article metadata for harvesting (e.g., via OAI-PMH).

When we share information

We do not sell personal data. We share information only as needed to operate the journal:

• Editorial workflow: With editors and reviewers, who agree to treat manuscripts as confidential and use information only for evaluation.
• Service providers: With contracted vendors (e.g., web hosting, email delivery, analytics, archival/DOI registration) who process data under instructions and safeguards.
• Indexing and preservation: With discovery and preservation services (e.g., OAI-PMH harvesters, DOI registrars) we share article-level metadata to aid indexing and citation.
• Legal and safety: When required by law or to address security threats, fraud, or rights violations.

Author names, affiliations, and article metadata are intended for public dissemination as part of scholarly publishing.

Cookies & similar technologies

Our platform uses cookies to operate securely and reliably. Cookies are small files stored on your device. You can control cookies through your browser settings; disabling essential cookies may prevent you from signing in or completing submissions.

Cookie names vary by configuration and plugin set. We will update this table if the set of essential cookies changes materially.

Analytics and logs

We may use first-party or privacy-preserving analytics to understand site usage (e.g., page views, downloads, referrers) and to detect abuse (e.g., unusual traffic). Server logs are retained for a limited period for security and troubleshooting. Analytics reports are aggregated and are not used to profile individual users.

International data transfers

Because scholarly publishing is global, your information may be transferred to, stored, and processed in countries other than your own. Where required, we implement safeguards such as contractual clauses and access controls to protect your data during transfers.

Data retention

We retain personal data only as long as needed for journal operations and to comply with legal, audit, and preservation requirements. Typical retention periods include:

• Account data: While the account is active. Dormant accounts may be deactivated after a period of inactivity; basic records may be retained to maintain the integrity of the scholarly record.
• Submission and peer-review records: Retained as part of the editorial record to document decisions and preserve research integrity.
• Communications: Retained as necessary to document decisions, resolve complaints, or comply with legal requirements.
• Logs: Short-term retention for security and troubleshooting, unless needed to investigate abuse.

Security

We employ administrative, technical, and organizational measures appropriate to the risks associated with our processing activities. These measures include role-based access controls, encrypted transport (HTTPS), vulnerability patching, regular backups, and staff awareness for handling sensitive materials such as manuscripts and reviewer reports. No system can be perfectly secure; we continuously improve safeguards and encourage responsible disclosure of vulnerabilities.

Your choices and data rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict certain processing of your personal data, as well as to object to processing or request portability of information. You also have the right to withdraw consent to optional communications at any time.

Email preferences can be updated in your profile. Transactional messages necessary for submissions or reviews cannot typically be opted out of while you participate in those workflows.

Children’s privacy

This site and our publishing workflows are intended for adult professionals and students in higher education. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us so we can take appropriate action.

Data incidents and breach response

If we become aware of unauthorized access to personal data, we will investigate promptly, take steps to contain the incident, and, where required, notify affected individuals and relevant authorities. We also review and improve controls to reduce the risk of recurrence.

Changes to this Privacy Statement

We may update this statement to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will revise the “Last updated” date and, where appropriate, provide additional notice (e.g., banner or email). Continued use of the site after changes indicates acceptance of the updated statement.

Contact and complaints

Questions about this statement or our data practices can be directed to the editorial office using the contact details provided on the journal website. If you believe we have not addressed your concern, you may have the right to lodge a complaint with a data protection authority in your region.

Frequently asked questions

Do you use my email for marketing?

We may send optional alerts or announcements if you opt in. You can unsubscribe at any time through your profile or by following the link in the message.

Can reviewers remain anonymous?

Yes. Our peer-review process is double blind; reviewer identities are confidential unless a reviewer explicitly consents to being named.

Will my ORCID be public?

If you link an ORCID, we may display it on your profile or published articles to help readers and indexers disambiguate author identities.

What data appears in public metadata?

Published article metadata includes author names, affiliations, ORCIDs (if provided), keywords, abstracts, funding statements, and licensing details. This information is intended for broad dissemination and may be harvested by indexers and repositories.

Can I delete my account?

Yes. Contact the editorial office. Note that we may retain minimal records necessary to preserve the scholarly record and audit trail of editorial decisions.

Summary

We collect the minimum information needed to operate a high-integrity, open-access journal. We use your information to run peer review and publication, to keep the platform secure, to make articles discoverable, and to comply with the requirements of the scholarly record. You control optional communications and can exercise data rights available in your jurisdiction.

Tags: Privacy GDPR Cookies OJS/PKP Research Integrity