- The Controller of personal data processed based on the System (https://www.editorialsystem.com) shall be “Bentus” company (Bartosz Stefaniak carrying out business activities as a sole proprietorship), with its registered office in Poznań, os. Pod Lipami 14/19, 61-638 Poznań, entered into the Central Registration and Information on Business kept by the Minister of Economy, holder of NIP 972-106-60-57 and REGON 300418842, the producer of applications - the Editorial System and the Journals System.
- Cookies are computer data, in particular text files stored on the user’s device and designed to use websites.
- Cookies are placed by the following entities: the Controller of personal data and Google as part of the Google Analytics service (https://policies.google.com/privacy/partners?hl=eng).
- The Editorial System and the Journals System store information as cookies for the following purposes:
- functional purposes to remember settings selected by the user and adapt the user’s interface,
- statistical purposes to create anonymous statistics, which allow for improving systems offered.
- Each user may decide on his/her own how cookies are stored on his/her device. This is enabled by Internet browser settings. Default settings of popular browsers allow for storage of cookies. The user may, in his/her Internet browser settings, block or restrict the sending of cookies.
III. Types of data collected and how they are used
- In order to use the Editorial System service, an account must be created and one must log into that account. Personal data may contain full name, sex, scientific degree, telephone number, email address, institutional affiliation, affiliation address, date of birth, specialty, areas of scientific interest and photograph. Some elements are not required. Some elements, e.g. a photograph, can be added at any time when using the Editorial System. Data of users are used to identify authors, reviewers, editorial staff, publishing house staff, members of scientific conferences’ committees involved in the flow of articles and abstracts submitted to scientific journals and for conferences, and to contact such persons to the extent necessary for that process as part of the Editorial System and the Journals System services. Personal data must be provided for correct performance of the agreement on services provided by electronic means.
- As part of the use of the System, system logs containing but not limited to the date and duration of the visit and IP address from which the connection was made, domain name, browser type, operating system type, information on audience statistics. Such data are processed for statistical purposes and to improve the systems offered. Data are collected anonymously and do not permit identification of individual users.
- The personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the User,
- collected for specified, explicit and legitimate purposes (provision of services) and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
- The Controller shall process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Those measures shall be updated.
- The Controller shall not process any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
- The Controller of personal data shall take all reasonable activities ensuring protection of personal data of users of the Editorial System and the Journals System. This means for example development of relevant technical and organisational rules and procedures to minimise the risk of unauthorised access to the user’s account and to data of users and the risk of disclosing them. Information provided by users shall be processed and stored using appropriate measures of security compliant with requirements set by applicable laws. These measures shall be reviewed and updated where necessary.
- The Controller shall implement technical and organisational measures such as:
- maintaining records of processing activities,
- pseudonymisation and encryption of personal data;
- ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
- However, the Controller of personal data shall not guarantee that the risk of unauthorised use of personal data by unauthorised persons acting unlawfully shall be excluded entirely. Any passwords to accounts shall be kept in a safe place and shall not be disclosed to third parties. We must be promptly notified of any cases of unauthorised use of the password or of other threats to security.
V. Rights of Users
- The User shall have the right to obtain from the Controller of personal data confirmation as to whether or not personal data concerning the User are being processed and, where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the User (data subject) or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the User, any available information as to their source.
- The Controller shall comply with the above obligation e.g. by providing Users with a document at https://www.editorialsystem.com/Personal-data/, which is the performance of art. 13 of the GDPR.
- The User shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the User shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- The User shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the User objects to the processing,
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services.
- The User shall have the right to obtain from the Controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the User, for a period enabling the Controller to verify the accuracy of the personal data;
- the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
- the Controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims;
- the User has objected to processing.
VI. Change of personal dataThe Controller of personal data shall ensure that the user has the right to access to and updating or erasure of personal data. These activities can be done mostly on one’s own after logging into the Editorial System. If a functionality has not been provided, this can be done by contacting the Controller at firstname.lastname@example.org.
- The Controller may update this Policy from time to time. The Controller shall inform Users about each amendment to this Policy by publishing a new document on this website.