Privacy Policy

Effective date: 1 January 2024
Last updated: 1 January 2024
Website: technicalreport.org

Technical Report Journals (TRJ, “we”, “us”, “our”) is a diamond open access publisher based in Poland. We take privacy seriously and aim to protect personal data processed through our websites and publishing workflows. This Privacy Policy explains what data we collect, how we use it, with whom we may share it, how long we keep it, and what rights you have.

We have prepared this policy to meet the requirements of the EU General Data Protection Regulation (GDPR) and applicable Polish data protection rules. The GDPR is widely recognized as a high standard for privacy protection, and TRJ aims to apply these standards in all relevant processing activities. Whether particular GDPR provisions apply to you depends on your situation (for example, where you live and how you interact with our services).

1. Scope

1.1 Controller and contacts

This website and TRJ publishing services are provided by Technical Report Journals (TRJ) as the data controller for purposes of GDPR.

Controller: Technical Report Journals (TRJ)
Address: [Insert TRJ legal/registered address in Poland]
General contact: info@technicalreport.org (or your preferred address)
Privacy contact: privacy@technicalreport.org (recommended)

DPO/Representative: Naveed Ahmed
DPO contact: dpo@technicalreport.org (recommended)

1.2 What this policy covers

This policy applies to the use of technicalreport.org and related TRJ services, including (as applicable):

  • journal and publisher webpages,

  • manuscript submission and peer review workflows,

  • editorial correspondence and decision-making,

  • production and publication activities,

  • dissemination of article metadata to indexing/archiving services,

  • communications with authors, reviewers, editors, and readers.

1.3 What “personal data” means

“Personal data” means information that relates to an identified or identifiable person. This can include details such as your name, email address, affiliation, and online identifiers such as an IP address.

2. Automatic data collection (server and browser data)

2.1 Server log data

Like most websites, our servers automatically collect certain information sent by your browser when you visit our site. This may include:

  • IP address of the device making the request,

  • referring page (referrer URL),

  • date and time of access and time spent,

  • pages and files requested,

  • browser type/version,

  • device type, operating system, and basic technical settings.

2.2 Why we collect logs

We use logs to:

  • provide a stable, functional website,

  • protect the site and users (security monitoring, anti-abuse, incident investigation),

  • troubleshoot errors and improve performance,

  • compile basic statistics about site usage (generally in aggregated form).

We do not use server logs to build detailed profiles of individuals. Log data is not combined with unrelated sources in a way that identifies you, unless needed for security or legal reasons.

2.3 Legal basis

Where GDPR applies, our legal bases are:

  • legitimate interests in operating and securing our website (GDPR Art. 6(1)(f)),

  • and, where a visit is connected to the delivery of requested services, performance of a contract or pre-contractual steps (GDPR Art. 6(1)(b)).

2.4 Retention of logs

Unless a longer retention is required for security investigations or legal obligations, we generally keep server logs for up to 24 months for IT security and system integrity purposes.

3. Cookies and similar technologies

3.1 What cookies are

Cookies are small text files saved on your device when you visit a website. They allow the website to recognize your browser and support essential features and preferences.

3.2 Cookie choices and consent

When required, we ask for your consent before using non-essential cookies. You can:

  • accept all cookies,

  • reject non-essential cookies,

  • or choose categories (e.g., preferences, statistics/analytics, marketing if used).

You can change your choices at any time through our cookie settings (typically linked in the website footer or cookie banner).

3.3 Types of cookies we may use

  • Essential cookies: required for core site functionality and security.
    Legal basis: legitimate interests (GDPR Art. 6(1)(f)) and/or legal obligations (GDPR Art. 6(1)(c)) where applicable.

  • Preference cookies: remember settings you choose (e.g., language).
    Legal basis: consent (GDPR Art. 6(1)(a)) where required.

  • Analytics/statistics cookies: help us understand how the site is used so we can improve it.
    Legal basis: consent (GDPR Art. 6(1)(a)) where required.

  • Marketing cookies: used only if we run marketing/advertising features; these are optional and not necessary to use the site.
    Legal basis: consent (GDPR Art. 6(1)(a)) where required.

3.4 Cookie duration

  • Session cookies are deleted when you close your browser.

  • Persistent cookies remain until they expire or you delete them.
    Exact durations depend on the cookie and are shown in the cookie settings/tool where available.

3.5 Analytics tools

TRJ may use privacy-respecting analytics (for example, a self-hosted analytics solution) to understand website performance and usage. If analytics cookies are used, we rely on consent where required, and details (including any IP masking/pseudonymization options) are provided through the cookie settings.

4. Data you provide voluntarily

4.1 Contacting TRJ

If you contact us by email or via a website form, we process the information you provide (e.g., name, email, message content) to respond to your inquiry and manage follow-up communication.

Legal basis:

  • performance of a contract / pre-contractual steps (GDPR Art. 6(1)(b)) where relevant, and/or

  • legitimate interests in responding to communications (GDPR Art. 6(1)(f)).

We keep contact messages only as long as needed to resolve the matter and meet any retention obligations.

4.2 Author, reviewer, and editor information (publishing workflow)

If you submit a manuscript, agree to review, or serve as an editor, we may process:

  • identity and contact details (name, email),

  • affiliation and expertise information,

  • manuscript files and metadata (title, abstract, keywords),

  • review reports and editorial decisions,

  • communications related to peer review and publication,

  • declarations (funding, conflicts of interest, ethics statements).

Legal basis: performance of a contract / steps requested by you (GDPR Art. 6(1)(b)) and legitimate interests in maintaining an effective and trustworthy publishing process (GDPR Art. 6(1)(f)).

4.3 Newsletters and announcements (if offered)

If you subscribe to updates, TRJ may send newsletters or announcements. Where required, we use a confirmation process (e.g., double opt-in). You can unsubscribe at any time using the link in the email or by contacting us.

Legal basis: consent (GDPR Art. 6(1)(a)).

5. Sharing data with third parties

5.1 Service providers (processors)

We may use trusted service providers to support publishing operations and website delivery. These providers process personal data only on our instructions and under appropriate contractual safeguards (GDPR Art. 28). Examples include:

  • website hosting and email delivery,

  • manuscript handling and production support (copyediting/typesetting),

  • security and anti-spam services,

  • analytics providers (if enabled and consented where required).

5.2 Publishing ecosystem recipients

To ensure discoverability and preservation of published research, we may share article metadata (and where relevant, full text) with:

  • indexing and abstracting services,

  • repositories and archiving/preservation services,

  • DOI registration agencies (where applicable),

  • library discovery services.

5.3 Legal and safety disclosures

We may disclose personal data when required by law, court order, or to protect rights, safety, and the integrity of the scholarly record (e.g., research integrity investigations).

5.4 International transfers

If data is transferred outside the European Economic Area (EEA), we will do so only when an appropriate legal mechanism is in place, such as:

  • an EU adequacy decision, or

  • EU Standard Contractual Clauses (SCCs), and other appropriate safeguards (GDPR Arts. 44–50).

6. How long we keep personal data (retention)

Unless a different period is stated for a specific activity, we retain personal data only for as long as needed for the purpose it was collected and to meet legal or integrity requirements. Typical periods include:

  • Website/server logs: generally up to 24 months (security and system integrity), unless needed longer for incident investigation.

  • Contact inquiries: kept until the inquiry is resolved, then retained only as needed for records and legal requirements.

  • Editorial and peer review records: retained to support audit trails, integrity investigations, and dispute resolution (often several years).

  • Published articles and essential publication metadata: retained indefinitely as part of the permanent scholarly record.

We may keep certain information longer where required by law (e.g., accounting, tax, or legal defense limitations).

7. Your rights (GDPR)

Where GDPR applies, you may have the right to:

  • access your personal data,

  • correct inaccurate data,

  • request deletion in certain circumstances,

  • restrict processing in certain circumstances,

  • object to processing based on legitimate interests,

  • data portability (where applicable),

  • withdraw consent at any time (where processing is based on consent),

  • lodge a complaint with a supervisory authority.

To exercise your rights, contact: privacy@technicalreport.org or the DPO/Representative Naveed Ahmed at dpo@technicalreport.org.

Note on published research: Because publications form part of the scholarly record, requests to remove published author details may be limited. Where changes are justified, TRJ generally addresses them through corrections or formal notices rather than removing the record entirely.

You may also lodge a complaint with the Polish supervisory authority: UODO (Urząd Ochrony Danych Osobowych).

8. Security

We use reasonable technical and organizational measures to protect personal data, such as access controls, secure hosting practices, encrypted connections (HTTPS), backups, and monitoring. Despite these measures, no system can guarantee absolute security.

If we become aware of a personal data breach that creates a risk to individuals, we will take appropriate steps to mitigate harm and provide notifications where required by law.

9. Children’s privacy

TRJ does not knowingly collect personal data from children through website features intended for general users. For manuscripts involving minors as study participants, authors are responsible for meeting ethical requirements, including guardian consent where required and protection of participant privacy.

10. External links

Our websites may link to third-party sites (e.g., indexing services, repositories). TRJ is not responsible for how third parties handle personal data. Please review their privacy policies separately.

11. Automated decision-making

TRJ does not make editorial or publication decisions solely through automated processing. Automated tools (e.g., spam prevention or similarity checks) may be used to support security and editorial processes, but final decisions remain subject to human editorial judgment.

12. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be posted on technicalreport.org and the “Last updated” date will be revised accordingly.

Contact

Technical Report Journals (TRJ)
Address: [Insert TRJ legal/registered address in Poland]
Privacy email: privacy@technicalreport.org
DPO/Representative: Naveed Ahmed (dpo@technicalreport.org)