(information obligation set out in art. 13 of the GDPR )
I. Who is the personal data controller and how to contact the controller?
The controller of personal data processed in the www.editorialsystem.com
is “Bentus” company (Bartosz Stefaniak carrying out business activities as a sole proprietorship), with its registered office in Poznań, os. Pod Lipami 14/19, 61-638 Poznań, Poland, entered into the Central Registration and Information on Business kept by the Minister of Economy, holder of NIP 972-106-60-57 and REGON 300418842; Email: firstname.lastname@example.org
II. What is the scope of personal data processing within the editorialsystem.com?
The personal data controller provides to Users services by electronic means via the editorialsystem.com. In order to provide such services, Users are obliged to provide personal data.
Personal data will be processed in particular:
- To identify authors, reviewers, editorial staff, publishing house staff, members of scientific conferences’ committees involved in the flow of articles and conference abstracts submitted to scientific journals and for conferences and to contact such persons to the extent necessary for that process.
III. Who is the data recipient or what are the categories of data recipients? Will my personal data be transferred to third countries or international institutions?
Categories of data recipients
Recipients of personal data will be publishing houses of scientific journals and organisers of scientific conferences with which the Controller has executed agreements. Publishing houses and organisers may be based in third countries (outside the European Union).
IV. How long will my personal data be processed?
The period for which the personal data will be stored
Personal data processed in order to perform the agreement will be processed for the term of the agreement and thereafter, for the period necessary for archiving purposes in the context of publishing activities of data recipients. If data are not required to comply with obligations under the agreement on provision of services by electronic means or statutory obligations, such data are deleted.
V. Do I have to provide my personal data?
The use of the System is voluntary, nevertheless, in order to provide services via the System, we need your data. If no data are provided, we will be unable to provide services and fulfil the obligation to provide services by electronic means.
VI. What are my rights?
Rights of each person whose data are processed by the Controller:
- the right of access to his/her personal data, i.e. the right to obtain confirmation as to whether or not personal data concerning him or her are being processed and information on such processing,
- the right to rectification if data processed by the Controller are inaccurate or incomplete,
- the right to request from the Controller erasure of data,
- the right to request from the Controller restriction of personal data processing,
- if applicable - the right to data portability, i.e. the right to receive personal data provided to the Controller and to transmit those data to another controller;
- the right to object processing of personal data,
- the right to withdraw consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal),
- the right to lodge a complaint with a Polish supervisory authority or a supervisory authority of another European Union Member State of his or her habitual residence or place of work of the data subject or place of the alleged infringement of the GDPR
The rights listed in items 1-7 above may be exercised e.g. by contacting the Controller.
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).