Privacy Policy

1. Data Controller

The data controller responsible for processing your personal data is:

2. Data We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide

• Name, email address, and institutional affiliation when creating an account
• Manuscript submissions and associated author information
• Correspondence with our editorial team
• Payment information for Article Processing Charges
• Reviewer reports and editorial communications

2.2 Automatically Collected Information

• IP address and browser information
• Pages visited and time spent on our website
• Referring website information
• Device type and operating system

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

• Contract performance (Art. 6(1)(b)): Processing necessary to fulfill our publishing services
• Legitimate interests (Art. 6(1)(f)): Improving our services and website functionality
• Legal obligations (Art. 6(1)(c)): Compliance with tax and record-keeping requirements
• Consent (Art. 6(1)(a)): Marketing communications and optional cookies

4. How We Use Your Data

Your personal data is used for the following purposes:

• Processing and managing manuscript submissions
• Communicating about the peer review process
• Publishing articles and maintaining the scholarly record
• Processing payments and issuing invoices
• Sending service-related notifications
• Improving our website and services
• Complying with legal and regulatory requirements

5. Data Sharing

We may share your personal data with:

• Peer reviewers: Anonymized manuscript content for review
• Indexing services: Published article metadata
• Payment processors: For secure payment processing
• Service providers: Hosting, email, and analytics services
• Legal authorities: When required by law

We do not sell your personal data to third parties.

6. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• EU Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Binding Corporate Rules where applicable

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected:

• Published articles: Permanently (part of the scholarly record)
• Account information: Duration of account plus 3 years
• Rejected manuscripts: 2 years after rejection
• Financial records: 10 years (German tax law requirement)
• Website analytics: 26 months

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (with limitations)
• Restriction: Limit processing of your data
• Portability: Receive your data in a structured format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent

To exercise these rights, please contact us at privacy@scholarlyopen.org.

9. Cookies

We use cookies and similar technologies on our website. Essential cookies are necessary for the website to function. Analytics and preference cookies are only used with your consent.

You can manage your cookie preferences through our cookie banner or your browser settings.

10. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Staff training on data protection

11. Complaints

If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with a supervisory authority in your jurisdiction. Please contact us at privacy@scholarlyopen.org and we will assist you in identifying the appropriate authority.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email.

13. Contact Us

If you have any questions about this privacy policy or our data practices, please contact: