This policy was last updated on 24/05/2022.
Certain personal data as described in this policy is gathered through the use of the Submission to publication workflow system and controlled by the GDAIAE Group, publishing legal entity of the journal (hereafter referred to as “Publisher” or “we”) to which you submit.
The details of the respective Publisher, acting as the data controller, can be discerned at the website for the journal at which you are submitting, reviewing or editing.
We will only use the personal data gathered during the Submission to publication workflow systems as set out in this policy. Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared, and what control and information rights you may have.
I. Summary of our processing activities
We publish scholarly journals. The following summary offers a brief overview of the data processing activities that are undertaken on the Submission to publication systems. You will find more detailed information under the indicated sections below.
In case of registration for one our services, personal data will be processed in the scope of such services (see III).
- Yourpersonal data will be used for statistical analysis that helps us to improve our services (see III).
- We will use your personal data and contact details to tell you about other publishing opportunitiesin your You can opt out of these communications at any time (see III)
- Some of your personal data may be processed in the course of implementing a peer review procedure (seeIII).
- Yourpersonal data may be disclosed to third parties (see V) that might be located outside your country of residence; potentially, different data protection standards may apply (see VI).
- Wehave implemented appropriate safeguards to secure your personal data (see VII) and retain your personal data only as long as necessary (see VIII).
- Under the legislation applicable to you, you may be entitled to exercise certain rightswith regard to the processing of your personal data (see IX).
- Personal data: means any information relating to a natural person who can be identified, directlyor indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online
- Processing: means any operation that is performed on personal data, such as collection, recording,organisation, structuring, cataloguing, storage, adaptation or any kind of disclosure or other use.
III. Information we collect and how we use it
Our Submission to Publication workflow systems include the following services: peer review; content preparation and proofing; publication; and distribution of published material. In order to use the aforementioned services, you have to set up an initial account.
With regard to the registration of an account and its subsequent use, we process the following information:
- Informationthat is provided during registration such as your name, user name, ORCID ID (if applicable) and email;
- Information in connection with an account sign-in facility, e.g. log-in and passworddetails;
- Communications sent by you, e.g. via email or website communicationforms;
- Content files and covering letters provided byyou;
- Grants, funding, membership, institution, society, committeeregistration;
- Billing or invoicinginformation;
- Information received from societies we work with, e.g. address, name,email;
- Your publication record based on publicly available.
The information that is necessary for the performance of the service is labelled accordingly. We will process the personal data you provide in order to:
- Identify you atsign-in;
- Administer youraccount;
- Provide you with the services and information offered through the Submission to publication workflow systems or that which you additionallyrequest;
- Communicate withyou;
- Provideinformation to you as an Author about other publishing opportunities, with the KEO group, you can stop these communications at any time by clicking the link in each email or contacting customer services;
- Communicate with you in your capacity as a current or potential Peer Reviewer, Editorial Board Member, or external Editor to provide information about the journal (s) and content you have worked on; you can stop these communications to you as a Peer Reviewer, Editorial Board Member,or external Editor at any time by clicking the link in each email or contacting customer services. Stopping these communications will not affect your status as Peer Reviewer, Editorial Board Member or external Editor with respect to the journal;
- To ensure the accuracy of content attribution and the quality and integrity of the peer review process;
- Provide you with optional e-TOC alerts and/or citationalerts;
- Transfer your submission to an alternative KEO title ifapplicable;
- Offer assistance to deposit your data (ifapplicable);
- Create a profile of your publication record based on publicly available data, such as published booksand articles, citations and grants This information will not be used to determine article acceptance, nor will it be used for automated decision making. This information will be used to personalise communications and provide you with latest news about our products and services;
- Authorise and process Article Publication Charges(APCs);
- Any additional orders such as article
For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR, and for our legitimate interest in providing you assistance, optimising our services and preventing fraud, also provide info about products and services of interest to you Article 6 sec. 1 sent. 1 lit. f GDPR.
Your personal account registration data is, in the absence of exceptions within the specific services mentioned, retained for as long as your account is used. Non-activity is defined at a minimum of five years, to facilitate ease-of-return for account holders.
Content and communications, associated with submissions, reviews or decisions made by an account holder is held for a period of 12 months following final decision before being encrypted and sent for storage to a long term limited-access archiving service (Aries contract), as far as required in order to achieve the following purposes.
Retrieval of archived content will be engaged as appropriately in relation to the services provided and in the interests of the integrity of the public record of published research. Such a decision will be made under the oversight of the KEO Group with consideration to statutory storage obligations. The need for legal actions within the services or payment problems, can lead to a longer retention of your personal data.
In order to ensure the high quality of our journals and publications, as well as the utility of the research published, we have implemented a peer review procedure.
In order to find and contact suitable and qualified peer reviewers to review within the relevant research community, editors and administrators may create a profile using your publication record based on publicly available data and some of your basic personal data (i.e. email address, name and research interest) to register you for our Peer Review System. The legal basis for processing your personal data is the Publisher’s or the respective editor’s legitimate interest in finding and contacting suitable and qualified peer reviewers to ensure the high level of papers and articles published in our journals, Art. 6 (1) sent. 1 lit. f GDPR.
If you do not wish to be contacted any longer, you can contact us by sending an email to the email address provided in the footer of any message sent. Please note that we may keep some of your personal data in order to register your explicit wish to not be contacted in the future, and thus to prevent any future processing of your data in this regard. The legal basis for this is the Publisher and your legitimate interest in recalling your wish and preventing any future contacting, Article 6 (1) sent. 1 lit. f GDPR.
IV. Third party content
Links to third party websites
V. Information sharing
Where personal data is disclosed to third parties for the purposes mentioned above the legal basis for the transfer of your personal data is Article 6 sec. 1 sent. 1 lit. b and f GDPR. Some of the recipients may reside outside the EEA. Data is only shared to the extent that it is needed to perform the service of peer review, and peer review is to be conducted within the security of the workflows which control these access permissions.
In the course of providing our peer review services, your data may be accessed by different members of the editorial team such as editors and assistants to the editorial office. To determine the locations of the editorial board members, you may refer to a journal’s homepage. Granting access to your personal data and the respective processing activity will be based on our and the legitimate interest of the respective society publishing the Journal in successfully publishing high quality articles and papers and ensuring the quality and significance of the respective research published in our journals, products and databases, Article 6 sec. 1 sent. 1 lit. f GDPR.
In order to do so we and/or the respective society may process your personal data to find, contact, and evaluate suitable and qualified peer reviewers within the relevant research community. This also includes data sharing between us and the respective society. For example, we may share reviewer and author data to publish the journal.
Please note that the publisher and the society are independently responsible for the respective data processing conducted. We can neither limit the extent to which personal data is processed by the respective society nor do we regulate the processing’s purpose or the period your personal data will be retained. It is also possible that the above-mentioned societies may disclose your personal data to their business partners, third parties or authorities. For further information on the data processing under the society’s control please refer to the respective society’s privacy notice.
We provide TOC (table of content) alerts to members as part of the services they are entitled to under their membership with the society. This is a core element of the overall service and to this end your personal (i.e. name and email address) data is transferred to KEO by the society. The legal basis for processing is Art. 6 (1) 1 lit. b GDPR. Individual members may opt-out of TOC alerts at any time.
Your personal data will be transferred to and processed inside and outside of the EEA. For further information on cross border data transfer, please refer to section VI.
With respect to Article Publication Charges (APCs); if you are an author we’ll share your personal data with third parties, like your institution or employer. This is required to manage and approve payment of associated APCs in order to fulfill the publication of your manuscript, where applicable. By submitting your article for consideration, you acknowledge that if you are recognised as affiliated to an institution or funder with a KEO open access agreement, your name and contact details may be shared with a representative from that institution or funder in order for us to verify whether they agree to cover, in full or in part, the article processing charge (APC) that is payable upon editorial acceptance of submitted articles. For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR, to fulfil our contractual obligations to you.
Should you choose not to follow the open access route to publication we may still share your personal data with the institution or funder you’re affiliated with. Importantly we will only do this post publication to ensure there’s no bearing on the evaluation of your submission prior to acceptance. The legal basis to share your data in this instance is Article 6 sec. 1 sent. 1 lit. f GDPR, our legitimate interest to develop and improve our open access program to the benefit of authors and the scientific community generally.
Customer service, administrative, operational and systems support is provided by other entities of the KEO Group and third party contractors (together “Contractors”). We may disclose your personal data to Contractors who assist us in providing the services we offer through the Submission and peer review system. Such a transfer will be based on data processing agreements in accordance with Article 28 of the GDPR. Therefore, our Contractors will only use your personal data to the extent necessary to perform their functions and will be contractually bound to process your personal data only on our behalf and in compliance with our requests. Further services, provided by third party technology and service providers, are similarly bound by data processing agreements.
ORCID is a non-profit organisation that provides researchers with a unique digital identifier. These identifiers can be used by editors, funding agencies, publishers, and institutions to reliably identify individuals in the same way that ISBNs and DOIs identify books and articles. The ORCID website provides researchers with a page where comprehensive research activity can be documented. This includes peer review data.
We offer direct verification of peer review contributions to researchers’ ORCID profiles via Editorial Manager, if the reviewer authorises it. This means that if you opt-in to this service during review submission, acknowledgement of your peer review contribution (journal name and year of review only) will be deposited directly to your ORCID profile by KEO.
We may disclose anonymous aggregate statistics about users of the Submission to publication workflow systems in order to describe our services to prospective partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics will not include any personal data. We may provide aggregated data for inclusion in publishing metrics.
In the event that we undergo re-organisation or are sold to a third party, any personal data we hold about you may be transferred to that re-organised entity or third party in compliance with applicable law. We may disclose your personal data if legally entitled or required to do so (for example if required by law or by a court order). The legal basis for this will be Article 6 sec. 1 sent. 1 lit. c GDPR (in conjunction with the respective national law).
VI. Cross border data transfers
Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries (including countries outside the European Economic Area [EEA]) which may have different data protection standards from your country of residence. Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable measures to maintain an adequate level of data protection when sharing your personal data with such countries.
In the case of a transfer outside of the EEA, this transfer is safeguarded by EU Model Clauses in accordance with Article 46 GDPR. You can find further general information about the aforementioned safeguards by following this link https://ec.europa.eu/info/law/law-topic/data-protection_en .
We have industry-standard security measures in place to protect against the loss, misuse and alteration of personal data under our control. For example, our security and privacy policies are periodically reviewed and amended as necessary and only authorised personnel have access to personal data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.
You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our website whilst it is in transit over the internet, and any such submission is at your own risk.
VIII. Data retention
We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.
IX. Your rights
Under the legislation applicable to you, you may be entitled to exercise some or all of the following rights:
- require (i) information as to whether your personal data is retained and (ii) access to and/or copies of your personal data retained, including the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retentionperiods;
- requestrectification, removal or restriction of your personal data, g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn;
- refuseto provide and –without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;
- object, on grounds relating to your particular situation, that your personal data shall be subject to a processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your personal data orpresent you with the legitimate grounds for ongoing processing;
- takelegal actions in relation to any potential breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators;
- require (i) to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit that data to another controllerwithout hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller; and/or
- notto be subject to any automated decision making, including profiling (automatic decisions based on data processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on you, or affects you with similar significance.
You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting us using the contact details set out below.
X. Contacting us
For matters related to your registration and data stored within specific journals, please refer to contact persons listed at the journal’s homepage.
XI. Amendments to this policy
We reserve the right to amend this policy from time to time by updating our website respectively. Please visit the site regularly to ensure you have access to the most up-to-date policy.
Annex: Notes to external editors/reviewers
In the course of the collaboration between KEO and external editors and reviewers, KEO transfers personal data to the editors and reviewers. The editors and reviewers process this personal data in their own responsibility as independent controllers. Thus, the editors and reviewers have to comply with the applicable regulations of data protection law, in particular with respect to the EU General Data Protection Regulation (GDPR). This entails the following obligations with regard to the data processing:
- Editors and reviewers need to respect the principles of lawfulness, fairness and transparency of the data processing and document their compliance with the applicable obligations. This means that personal data may only be processed for specified, explicit and legitimate purposes and the processing shall be limited to what is absolutely necessary in relation to these purposes. Processing must be transparent to the persons whose data is processed, and persons whose data is processed may have certain rights, in particular with respect to access to or deletion and correction of such data. Personal data shall generally not be used for purposes other than the ones it was collected
- Personaldata may only be processed if permitted by a legal For example, this is the case if an editor processes reviewer data to identify appropriate reviewers, invite and/or select them for assignment. Further, reviewer and editors may need to process author data to enable and foster effective communication between the different parties. Personal data should not be proliferated to third parties without a solid reason.
- When processing personal data adequate measures should be implemented to ensure theprotection and secrecy of the data. This includes measures to prevent that the data is accessed by unauthorised third parties, e.g., by using keys and/or passwords for the relevant systems and data encryption if possible, or that data is deleted or amended accidentally, e.g., by using backup systems. If the data is no longer needed for the purposes it was collected for, e.g., if the review is completed and the journal published, the data needs to be deleted/destroyed, unless there are grounds that justify longer retention. Those reasons may arise from journalistic duties, documentation obligations and accounting or tax.