Privacy Statement
CJNCP respects your privacy. This Privacy Statement explains what personal data we collect when you use the journal website, submit or review manuscripts, register for an account, or contact the editorial office. It also describes why we process your data, the legal bases we rely on, how long we keep information, and the choices and rights available to you.
Transparent Rights-Respecting Security-Focused
Scope of this statement
This Privacy Statement applies to the journal website and to publishing activities conducted through our submission and peer-review platform (OJS/PKP). It covers authors, reviewers, editors, readers, librarians, and site visitors. It does not cover third-party websites linked from our pages; those sites are governed by their own privacy notices.
Data controller and contact
The editorial office acts as the data controller for journal operations. Contact details are listed on the journal website. When we use third-party services (e.g., email service providers, analytics, payment processors where APCs apply), those vendors act as processors on our behalf under appropriate agreements.
Information we collect
Account and profile data
- Identifiers: Name, email address, username, ORCID (if provided), institution, department, role (author/reviewer/editor/reader).
- Professional info: Areas of expertise, keywords, reviewer interests, country/region, preferred language.
- Communication preferences: Email notifications, alerts, and opt-in/out records.
Submission and review data
- Manuscript metadata: Title, abstract, author list and affiliations, funding, acknowledgments, competing-interest declarations.
- Files and content: Manuscripts, figures, tables, supplementary material, and cover letters you upload.
- Peer-review records: Invitations, accept/decline responses, review reports, recommendations, decision letters, and revision history.
- Editorial notes: Internal assessments, assignments, and communications necessary for peer review and production.
Usage and technical data
- Log data: IP address, browser type/version, device identifiers, pages visited, referrer URL, date/time of requests, and error logs.
- Cookies: Session and preference cookies that keep you logged in and remember interface choices; see Cookies & similar technologies below.
- Analytics: Aggregated usage statistics (e.g., article download counts) used to improve the site, combat abuse, and report outreach.
We do not intentionally collect special categories of personal data (e.g., health, race, religion) outside of research manuscripts; authors must de-identify materials and obtain consent for any personal data contained within submissions, especially images and case details.
Legal bases for processing
Where local law (e.g., GDPR) requires a legal basis, we rely on:
- Contract: To administer accounts and publishing workflows, including peer review and production.
- Legitimate interests: To maintain site security, prevent fraud/abuse, understand readership, and preserve the scholarly record—balanced against your rights and expectations.
- Consent: For optional communications (alerts, announcements) and where you choose to link an ORCID or provide profile data beyond what is necessary.
- Legal obligations: To comply with applicable laws, court orders, and regulatory requirements (e.g., tax/audit for APCs if applicable).
How we use your information
- To create and manage user accounts, authenticate sessions, and personalize your experience.
- To manage submissions, peer review, editorial decisions, production, and publication.
- To communicate about submissions, reviews, decisions, updates, and policy changes.
- To generate aggregated, anonymized statistics about usage and readership.
- To protect the integrity of the publication process and investigate suspected misconduct.
- To comply with indexing and preservation requirements, including exposing article metadata for harvesting (e.g., via OAI-PMH).
When we share information
We do not sell personal data. We share information only as needed to operate the journal:
- Editorial workflow: With editors and reviewers, who agree to treat manuscripts as confidential and use information only for evaluation.
- Service providers: With contracted vendors (e.g., web hosting, email delivery, analytics, archival/DOI registration) who process data under instructions and safeguards.
- Indexing and preservation: With discovery and preservation services (e.g., OAI-PMH harvesters, DOI registrars) we share article-level metadata to aid indexing and citation.
- Legal and safety: When required by law or to address security threats, fraud, or rights violations.
Author names, affiliations, and article metadata are intended for public dissemination as part of scholarly publishing.
Analytics and logs
We may use first-party or privacy-preserving analytics to understand site usage (e.g., page views, downloads, referrers) and to detect abuse (e.g., unusual traffic). Server logs are retained for a limited period for security and troubleshooting. Analytics reports are aggregated and are not used to profile individual users.
International data transfers
Because scholarly publishing is global, your information may be transferred to, stored, and processed in countries other than your own. Where required, we implement safeguards such as contractual clauses and access controls to protect your data during transfers.
Data retention
We retain personal data only as long as needed for journal operations and to comply with legal, audit, and preservation requirements. Typical retention periods include:
- Account data: While the account is active. Dormant accounts may be deactivated after a period of inactivity; basic records may be retained to maintain the integrity of the scholarly record.
- Submission and peer-review records: Retained as part of the editorial record to document decisions and preserve research integrity.
- Communications: Retained as necessary to document decisions, resolve complaints, or comply with legal requirements.
- Logs: Short-term retention for security and troubleshooting, unless needed to investigate abuse.
Security
We employ administrative, technical, and organizational measures appropriate to the risks associated with our processing activities. These measures include role-based access controls, encrypted transport (HTTPS), vulnerability patching, regular backups, and staff awareness for handling sensitive materials such as manuscripts and reviewer reports. No system can be perfectly secure; we continuously improve safeguards and encourage responsible disclosure of vulnerabilities.
Your choices and data rights
Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict certain processing of your personal data, as well as to object to processing or request portability of information. You also have the right to withdraw consent to optional communications at any time.
How to exercise your rights
- Contact us: Use the contact information on the journal website. Include your name, account email, and a description of your request.
- Verification: We may ask for information to verify identity and protect account security.
- Response: We will respond within a reasonable period and in accordance with applicable law.
- Scope limits: Requests may be limited to protect peer-review confidentiality, intellectual property, or the integrity of the scholarly record.
Email preferences can be updated in your profile. Transactional messages necessary for submissions or reviews cannot typically be opted out of while you participate in those workflows.
Children’s privacy
This site and our publishing workflows are intended for adult professionals and students in higher education. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us so we can take appropriate action.
Data incidents and breach response
If we become aware of unauthorized access to personal data, we will investigate promptly, take steps to contain the incident, and, where required, notify affected individuals and relevant authorities. We also review and improve controls to reduce the risk of recurrence.
Changes to this Privacy Statement
We may update this statement to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will revise the “Last updated” date and, where appropriate, provide additional notice (e.g., banner or email). Continued use of the site after changes indicates acceptance of the updated statement.
Contact and complaints
Questions about this statement or our data practices can be directed to the editorial office using the contact details provided on the journal website. If you believe we have not addressed your concern, you may have the right to lodge a complaint with a data protection authority in your region.
Frequently asked questions
Do you use my email for marketing?
We may send optional alerts or announcements if you opt in. You can unsubscribe at any time through your profile or by following the link in the message.
Can reviewers remain anonymous?
Yes. Our peer-review process is double blind; reviewer identities are confidential unless a reviewer explicitly consents to being named.
Will my ORCID be public?
If you link an ORCID, we may display it on your profile or published articles to help readers and indexers disambiguate author identities.
What data appears in public metadata?
Published article metadata includes author names, affiliations, ORCIDs (if provided), keywords, abstracts, funding statements, and licensing details. This information is intended for broad dissemination and may be harvested by indexers and repositories.
Can I delete my account?
Yes. Contact the editorial office. Note that we may retain minimal records necessary to preserve the scholarly record and audit trail of editorial decisions.
Summary
We collect the minimum information needed to operate a high-integrity, open-access journal. We use your information to run peer review and publication, to keep the platform secure, to make articles discoverable, and to comply with the requirements of the scholarly record. You control optional communications and can exercise data rights available in your jurisdiction.
Tags: Privacy GDPR Cookies OJS/PKP Research Integrity