The said website is owned by Spandidos Publications and Spandidos Publications UK (hereinafter we, us, our), which act as Joint Controllers with regards to the personal data described below. The content of this website has the following aims: to allow access to scientific knowledge in the form of manuscripts published in specific journals, and to give you the opportunity, through its registration process, to submit and publish manuscripts, or to review manuscripts for publication. Both companies have defined the means and the purposes of the processing of your personal data, in order to offer you the aforementioned services.
We are the exclusive administrators of the website in discussion and are responsible for the processing of the personal data you submit, in accordance with the applicable General Data Protection Regulation (EU 2016/679 - GDPR).
1. What is personal data?
According to Article 4(1) of the General Data Protection Regulation, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. What personal data is collected and why?
In case the users of the website voluntarily provide their personal data (e.g. name, address, telephone number or email address), we shall process them for the purposes mentioned below. Users may decline to provide personal information; however, in this case, we may be unable to deliver the services requested.
2.1 For the purpose of your registration
Users are requested to provide the following personal details for registration on the website:
- Email address
- Title, name
- Postal address
- Username & login password
You may also provide your mobile phone number on an optional basis.
Website registration is required before a manuscript can be submitted, subscriptions can be made, or newsletters received. The information is used to provide the service requested and to ensure standards of scientific integrity.
2.2 For the purpose of the submission and publication of a manuscript
Authors are asked to provide the following personal details when submitting a manuscript (in addition to the details required for registration):
- Email address of first and corresponding authors
- Postal address of first and corresponding authors
These details are used to facilitate scientific communication. Visitors of the website and subscribers to our journals can access this information. Our journals are also abstracted and indexed in various databases (see the page for each journal for specific details).
During the manuscript submission process, the authors are requested to suggest five (5) reviewers. In this case, we also process the name, email address, title, position and company/institution of the suggested reviewer. The authors are bound to inform the natural persons they suggest as reviewers about this process before they submit their personal data to us.
2.3 For the purpose of the submission of a CV
When a CV is submitted via the website as part of an application for a job with us, the information included in it is used to assess suitability for the role and will be used to contact you regarding the status of your application. In this case, the personal data we receive refers to employment and background data, which you knowingly disclose to us.
2.4 For the purpose of your registration for an upcoming conference
For participation in conferences and/or workshops organized by Spandidos Publications and/or Spandidos Publications UK, we collect the following personal data:
- Title (e.g. Dr, Professor)
- First name
- Family name
- Phone number
- Email address
2.5 For the purpose of your subscription to our newsletter lists
After you have provided your explicit consent through our website, your email address is used to send you general or conference newsletters, including newsletters relevant to the journal of your choice.
Payment for publication is carried out via bank transfer or credit card, using a third party; therefore, no payment information is processed by us.
3. The lawful basis we use to process your data
Processing of your data is based on one of the following lawful bases: i) performance of contract, ii) legitimate interest, iii) consent, iv) compliance with a legal or regulatory obligation.
4. Disclosure of information
The information we collect is kept secure via the use of administrative, technical and physical safeguards to protect it from loss, misuse, unauthorized access, disclosure or alteration. We use SSL Certificates to enhance the security of our website and web services.
6. Third parties that process data for us
Your personal data are accessed only by our employees, which are bound by confidentiality clauses.
We act on our own in the processing of the personal data we collect, while the recipients of your data might be companies that cooperate with us for the purpose of manuscript setup, and the conversion of your manuscript into xml files, or article databases and libraries.
The recipients of your data may be Mailgun Technologies, Inc., which is assigned with distributing our newsletters. Mailgun is self-certified to the EU-US Privacy Shield Framework maintained by the US Department of Commerce (Privacy Shield).
It is noted that our database host is Hetzner Online GmbH, based in the EU (Germany).
Moreover, when you book your attendance at one of our conferences, the travel agency that we cooperate with for the specific event might process your personal data.
Please note that all our affiliated companies are contractually committed to take the appropriate technical and organizational measures to protect confidentiality, integrity and availability of your data.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is applied to it by ensuring at least one of the following transfer solutions are implemented:
- We will transfer your personal data to countries that have been deemed by the European Commission to provide an adequate level of protection for personal data, referring to the protections afforded by the laws of the country to which the data will be transferred. You can find the relevant decisions of the European Commission here;
- We may use specific contracts approved by the European Commission (standard contractual clauses) to legally bind the processor of your personal data;
- We may transfer data to US-based companies if they are part of the Privacy Shield;
- We are provided with your consent for certain transfers, after informing you of the possible risks of such transfers due to the absence of an adequacy decision and appropriate safeguards;
- We transfer your personal data whenever it is necessary for the performance of the contract between us (the data subject and the Controller), or the implementation of pre-contractual measures taken at the data subject’s request.
7. When do we delete your data?
Your personal data are retained only for as long as it is required according to the terms of our contractual relationship. When the processing of your data is based on your consent (e.g. recipient of newsletters), we delete your data upon withdrawal of your consent. Moreover, we delete the personal data that you provide to us, if there is no legal basis or other requirement for keeping your data, five (5) years after your last activity. It is noted that all published information associated with your manuscript cannot be deleted.
8. Your rights towards your personal data
You can exercise your rights towards the processing of your personal data and specifically:
- Request access to your data here.
- Request the correction of your data, in cases where the data we hold about you are incorrect or insufficient here.
- Request to delete your data, if there is no legal obligation for us to keep them here.
- Withdraw your consent, in cases where consent is the lawful basis for the processing of your data.
- Object to processing for a specific reason here.
- Request restriction of processing here.
- Request to transfer your data to another Controller here.
You may exercise the aforementioned rights, using the above forms, addressed to: firstname.lastname@example.org.
You will receive a response to your request within one (1) month of its receipt. If an extension of two (2) months to respond to your request is required, taking into account the complexity and number of concurrent requests, we will inform you in due time.
If you do not receive a response to your request, you have the right to lodge a complaint with the Data Protection Authority of your residence.
9. Automated decision-making
We do not use automated decision-making.