Skip to main content
resera

General Data Protection Regulation (GDPR)

At Hoofddorp Research Center, we are fully committed to complying with the General Data Protection Regulation (GDPR) and ensuring that your personal data is protected and processed in a lawful, transparent, and secure manner. This GDPR Compliance Statement outlines how we meet the requirements of the GDPR and explains your rights regarding your personal data.

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation enacted by the European Union (EU) to enhance the protection of individuals' personal data and provide greater control over how businesses collect, store, and process that data. The GDPR applies to all organizations that process the personal data of individuals within the EU, regardless of where the organization is located.

As part of our commitment to data protection, we aim to be fully compliant with the GDPR’s principles of transparency, accountability, and security in the processing of personal data.

2. Our Role as a Data Controller

Under the GDPR, Hoofddorp Research Center is considered a data controller, which means we determine how and why your personal data is collected and used. We are responsible for ensuring that your data is processed in accordance with the GDPR.

When you use our website, register an account, or submit a manuscript, you are providing us with personal data, and we are responsible for ensuring its security and compliance with data protection regulations.

3. What Personal Data We Collect ?

We collect and process personal data from authors, reviewers, and users who interact with our website. The types of data we may collect include:

  • Identification Data: Full name, email address, postal address, and phone number.

  • Account and Submission Data: Username, password, manuscript details (title, abstract, keywords), co-authors, affiliation, and other submission-related information.

  • Payment Data: Billing information and payment card details (processed securely by our third-party payment processors).

  • Usage Data: Information related to your activity on our website, such as IP address, browser type, device type, and page visits.

  • Cookies and Tracking Technologies: Data collected via cookies to analyze website traffic and enhance user experience.

4. Legal Basis for Processing Your Personal Data

We process your personal data based on the following legal grounds as outlined by the GDPR:

  1. Consent: When you submit a manuscript or subscribe to our newsletter, we obtain your explicit consent to process your personal data for those purposes. You can withdraw your consent at any time.

  2. Contractual Necessity: We process personal data when it is necessary to fulfill our contract with you. For example, to review your manuscript, communicate with you regarding your submission, and publish accepted work.

  3. Legitimate Interests: We may process your data when it is in our legitimate interest to do so, such as improving our website, sending relevant updates, or optimizing the user experience. However, we ensure that our interests do not override your fundamental rights and freedoms.

  4. Legal Obligations: We may process your data to comply with legal obligations, such as financial reporting, tax laws, and maintaining accurate records.

5. Your Rights Under GDPR

As an individual whose personal data we process, you have the following rights under GDPR:

  1. Right to Access: You have the right to request access to the personal data we hold about you.

  2. Right to Rectification: You can request that we correct any inaccurate or incomplete personal data.

  3. Right to Erasure: You may request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

  4. Right to Restrict Processing: You have the right to restrict the processing of your personal data under certain conditions, such as when the accuracy of the data is contested.

  5. Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, and machine-readable format for transfer to another organization.

  6. Right to Object: You can object to the processing of your personal data for direct marketing purposes or when processing is based on our legitimate interests.

  7. Right to Withdraw Consent: If you have provided consent for us to process your data, you can withdraw that consent at any time.

6. Data Security and Protection

We are committed to ensuring the security of your personal data. We implement a variety of technical and organizational measures to protect your data from unauthorized access, alteration, or disclosure. These include:

  • Encryption: We use SSL encryption to protect sensitive data, such as payment information, during transmission.

  • Access Control: Access to personal data is limited to authorized personnel only, based on their role and responsibilities.

  • Regular Audits: We conduct regular security audits to assess the effectiveness of our data protection measures.

  • Data Minimization: We only collect and retain the personal data necessary for our business purposes.

However, please note that no data transmission over the internet can be guaranteed to be 100% secure. While we strive to protect your personal information, we cannot guarantee the absolute security of any data transmitted to or from our website.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, including legal and regulatory requirements. After this period, your data will be securely deleted or anonymized, unless there are legitimate reasons for further retention (such as ongoing legal obligations).

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. Cookies help us analyze website usage, personalize content, and improve functionality.

For more details on how we use cookies, please refer to our Cookie Policy.

9. International Data Transfers

As a global organization, we may transfer your personal data to countries outside your jurisdiction, including outside the European Economic Area (EEA). When transferring data internationally, we ensure that appropriate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) or other lawful mechanisms under GDPR.

10. Third-Party Providers

We may use third-party service providers, such as payment processors or email marketing platforms, to assist in providing services. These third parties are carefully selected and required to comply with the applicable data protection regulations to ensure your data is handled securely.

11. Complaints and Dispute Resolution

If you believe thatHoofddorp Research Center is not processing your personal data in accordance with the GDPR, you have the right to lodge a complaint with the supervisory authority in your country. In the UK, this would be the Information Commissioner’s Office (ICO).

12. Changes to this GDPR Compliance Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in data protection laws, practices, or our services. When we update the policy, we will notify you by posting the revised version on our website with an updated Effective Date.