Privacy Policy

Last updated: 08 March 2026

Last updated: April 13, 2026

This Privacy Policy explains how RSYN PRESS ("RSYN PRESS", "we", "our") collects, uses, shares, and protects personal data in compliance with the EU General Data Protection Regulation (GDPR) (EU) 2016/679, the UK Data Protection Act 2018, and other applicable privacy laws including the California Consumer Privacy Act (CCPA).

1. Data Controller

The data controller responsible for your personal data is RSYN PRESS, contactable at raman@rsyn.org.

2. Personal Data We Collect

We collect personal data you provide directly:

  • Account registration: name, email address, username, password
  • Author profile: affiliation, ORCID iD, biography, interests
  • Reviewer information: expertise, availability
  • Submitted manuscripts and related correspondence
  • Payment information (where APCs apply) — processed via third-party PCI-compliant providers

We also collect technical data: IP addresses, browser type, pages visited, and timestamps, through server logs and cookies. See our Cookie Policy.

3. Lawful Basis for Processing

We process personal data on the following legal bases under GDPR Article 6:

  • Contractual necessity: Processing required to provide editorial and publishing services.
  • Legitimate interests: Operating the journal, preventing fraud, improving services.
  • Consent: For newsletters and optional communications. Consent may be withdrawn at any time.
  • Legal obligation: Where we are required by law to retain data.

4. How We Use Your Data

  • Managing the submission, review, and publication process
  • Communicating about your submission or account
  • Sending newsletters and announcements (with consent)
  • Issuing certificates and participation records
  • Complying with legal and regulatory obligations
  • Statistical analysis and service improvement (anonymised where possible)

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Peer reviewers and editors (as necessary for the review process, with anonymisation)
  • Indexing services (CrossRef, DOAJ, PubMed, Scopus) — metadata and ORCID only
  • Cloud hosting providers and email delivery services acting as data processors under GDPR Article 28 agreements
  • Law enforcement, where required by legal obligation

6. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses or reliance on adequacy decisions under GDPR Articles 45–47.

7. Data Retention

We retain personal data for as long as necessary for the purposes described above. Published article metadata and author information are retained indefinitely as part of the permanent scientific record. Account data is retained for 7 years after account closure unless a shorter period is required by law.

8. Your Rights (GDPR / UK GDPR)

Under applicable data protection law, you have the right to:

  • Access your personal data (Article 15)
  • Rectification of inaccurate data (Article 16)
  • Erasure ("right to be forgotten"), subject to overriding legal obligations (Article 17)
  • Restriction of processing (Article 18)
  • Data portability (Article 20)
  • Object to processing (Article 21)
  • Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at raman@rsyn.org. We will respond within 30 days. You also have the right to lodge a complaint with a supervisory authority, including the UK Information Commissioner's Office (ICO) or the relevant EU Data Protection Authority.

9. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA: the right to know what personal information is collected, the right to delete it, the right to opt out of sale (we do not sell personal information), and the right to non-discrimination for exercising these rights.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration, consistent with ISO/IEC 27001 principles.

11. Changes to this Policy

We will notify registered users of any material changes to this policy by email or via a prominent notice on the website. The "Last updated" date at the top of this page indicates when the policy was last revised.