1. General Information

These conditions, together with the Special Conditions that may apply preferentially, regulate the provision of services by Index Publishing SL (hereinafter, “Index”), with registered office at Carrer de Joanot Martorell, 22, 08014, Barcelona, ​​Spain and CIF: B21713888, to institutions and entities that contract its services, as well as to users who access the Platform.

2. Definition of terms

For the purposes of this contract, the following definitions shall apply:

  • Client: The institution, entity or organization (usually the official body of a scientific society, university or journal ) that contracts and is responsible for the publishing , management and editorial content of the journal .
  • User: Any person who accesses the Index Platform, who can perform different roles (author, reviewer, editor, reader, etc.).
  • Platform: The SaaS editorial management system that Index makes available for the submission, review, editorial management and publishing of articles.
  • Additional Editorial Services: The complementary services offered by Index, such as style review, typesetting and preparation of formats (PDF, HTML, XML) and advice on indexing .
  • Account: The record that the Client creates on the Platform, which may include user data (authors, reviewers, editors, etc.) according to the information provided during registration.
  • Special Conditions : Set of documents issued by Index in which the specific conditions and terms of the relationship between the parties are set out for each specific case, exceptions or nuances to these General Conditions or to other documents included in the contractual documentation.

3. Acceptance of the conditions

This contract will be considered accepted and in force under any of the following circumstances:

The use of services and the activation of functionalities on the Index Platform imply the full and unconditional acceptance of these General Terms and Conditions, whether through:

  • Express written confirmation or email of the personalized quote issued by Index.
  • Sending the information necessary to register the journal on the Platform.
  • Any subsequent access to or use of the Platform by the Client or its authorized users.
  • Any act that allows for the understanding of tacit acceptance by the Client.

4. Subject of the contract

This agreement establishes the general terms and conditions governing the relationship between Index and the Client (the journal 's publishing institution) and, where applicable, its users, in relation to any services provided by Index. These services include, by way of example, the following:

  • Access to and use of Index's Editorial Management Technology Platform (SaaS).
  • The provision of additional editorial services (style review, typesetting , metadata generation, DOI assignment, PDF, HTML and XML formats).
  • Online publishing of open access articles and technical assistance in indexing processes (without guarantee of acceptance in databases ).
  • Any other services provided by Index to the Client.

Index will grant the Client a license to use the Platform, in SaaS mode, non-exclusive, non-transferable, revocable and limited in time and territory in accordance with the terms agreed in the Special Conditions, and to the extent that the Client is in compliance with the obligations assumed under the contract.  

In the event of any conflict between the clauses established in these General Terms and Conditions and the Special Conditions agreed upon specifically for an individual contract, the Special Conditions shall prevail over the General Conditions.

5. Modular design and customization

The services are offered in a modular manner, allowing the Client to contract, independently or in combination, the following modules:

  • Editorial management and peer review platform.
  • Web publishing system for articles.
  • Additional editorial services ( editorial workflow , typesetting , etc.).

The details of the contracted services, prices, duration and specific issues will be regulated in the Special Conditions and will be reflected in the personalized budget that will form an integral part of this contract.

6. Duration and extension

Unless otherwise agreed in the Special Conditions or in a budget, the contract will have an initial duration of 12 months from the acceptance of the budget, and will be automatically extended for annual periods, unless express notice of cancellation is given at least 30 calendar days before the expiry of the current period.

7. Price, currency and taxes

Prices will be quoted in euros (EUR) or the currency specified in the personalized quote. For international clients, applicable tax regulations will apply. Unless expressly stated otherwise, prices do not include VAT or other taxes payable by the client under applicable regulations.

Index may update its rates due to technical improvements or market changes, notifying you at least 30 days in advance of renewal.

8. Payment method and penalties for non-payment

Payment will be made by bank transfer, credit card, PayPal or other enabled means.

  • In the event of a delay exceeding 20 calendar days from the invoice due date, the late payment interest provided for in sections 2 and 3 of Article 7 of Law 3/2004 will be automatically applied (ECB legal interest applicable to the corresponding semester + 8 percentage points).
  • If two unpaid invoices accumulate, Index may suspend access to the Platform and/or the contracted services, after notifying the Client by email, and may reactivate the service once the situation has been regularized and the corresponding interest and management expenses have been paid, without the Client being able to demand liability or compensation from Index as a result, and without prejudice to any other actions or rights that Index may reserve.

9. Nature of the content and responsibilities 

Index acts as a mere provider of hosting services for the purposes of the LSSI 34/2002 on information society services and electronic commerce (LSSI) (arts. 13 to 17), and therefore will not be responsible for the content, including links, published on its Platform, nor does it assume a general obligation to supervise the content beforehand, nor to carry out active searches.

The Client or, where applicable, the authors who publish through the Platform will be solely responsible for the published content, including its legality, accuracy, originality, intellectual/industrial property rights, data protection, honor, image and veracity. 

Although Index may provide editorial services (e.g., style editing, proofreading, citation standardization, typesetting , and, where applicable, translation) upon request, these services are purely formal and technical in nature and do not involve substantive review, verification, validation, or any guarantee regarding the accuracy, truthfulness, legality, scientific/academic suitability, or correctness of the content submitted by the Client or its authors. Consequently, Index does not supervise or assume responsibility for the published content, criteria, judgments, or conclusions, which are the sole responsibility of the Client and/or the content authors. Similarly, in the case of translations, Index does not guarantee absolute fidelity, technical precision, or terminological appropriateness of the translated text. The Client is responsible for the final review and approval before publishing .

When, within the framework of the service, links or search tools are provided that allow access to content hosted by third parties, Index will not be responsible for the information to which the user is directed.

Without prejudice to the foregoing, and in accordance with Articles 16 and, where applicable, 17 of the LSSI, when Index becomes aware that the information or content may be unlawful or harmful to the property or rights of third parties, it will act diligently to remove the data or make access to it impossible as quickly as possible, collaborating to the extent possible with the user and, where appropriate, with the competent authorities, and providing a notification channel through the email address ******@in*******.com to communicate such matters.

In cases of repeated infringement or serious breaches of content policies or current legislation, Index may suspend or cancel accounts or access, limit functionalities and report the facts to the competent authorities, where appropriate, all without the right to compensation for the infringer.

The Client guarantees that it has the necessary rights and authorizations over the content that the Client or its users publish or allow to be published and undertakes to hold Index harmless against claims, penalties, damages and any costs arising from the content published by the Client or its end users.

10. Customer Obligations

The Client agrees to:

  • Provide complete, truthful and up-to-date information for the registration of the journal , including user data (authors, reviewers, editors, etc.).
  • To ensure the correct use of the Platform by its users and to monitor compliance with these conditions.
  • Make payments according to the agreed conditions.
  • Ensure that all published content complies with current legislation regarding intellectual property, privacy, and other applicable regulations.

11. Index Obligations

Index is committed to:

Index is committed to:

a) Access and Service:

    • Provide uninterrupted access to the Editorial Management Platform and the website, in accordance with the terms of this contract and the customized budget.
    • Ensure that the Platform operates in accordance with the agreed technical specifications, except for interruptions due to scheduled maintenance or force majeure.

b) Support and Maintenance:

    • We offer technical and functional support via email at ******@in*******.com , from Monday to Friday, 9:00 AM to 5:00 PM (Barcelona time), with an estimated response time of 24 to 48 business hours.

c) Data Export:

    • In the event of termination of the contractual relationship, the Client may request the export of all data generated on the Platform (including metrics, user information, and published articles) within a maximum period of 120 days from the date of termination of the contract. After this period, Index will not be obligated to maintain, retain, or export said information and may archive or delete it in accordance with its internal policies and applicable regulations.

d) Domain Management:

    • The Client will have the option to acquire the web domain owned by Index at the end of the collaboration, under conditions that will be agreed separately.

12. Protection of personal data

Both Parties guarantee that the processing of personal data in relation to the Contract will be carried out in compliance with the data protection obligations applicable to them in accordance with the General Data Protection Regulation 2016/679 (GDPR) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights, with adequate safeguards to ensure its security and confidentiality.

With regard to the contact details of the representatives and employees processed under the Contract, these will be processed by the other party for the purpose of enabling the development, fulfillment, and monitoring of the agreed service provision relationship. The basis for this processing is the performance of the contractual relationship, and the data will be retained for the entire duration of this relationship and until any potential liabilities arising from it have expired. Subsequently, in accordance with Article 19 of the Spanish Data Protection Act (LOPD), the processing of contact details and, where applicable, details relating to the function or position held will be permitted, provided that the following requirements are met: (a) the processing refers only to the data necessary for their professional contact; and (b) the purpose of the processing is solely to maintain relationships of any kind with the legal entity for which the data subject provides their services.

The parties may request access to, rectification, erasure, portability, and restriction of processing of their personal data, as well as object to such processing, by contacting the email addresses of each of the Parties. They may also file a complaint with the Spanish Data Protection Agency (AEPD) or any other competent authority.

Regarding the data that the Client makes available to Index to guarantee the execution of the contract, the parties acknowledge that, insofar as Index processes personal data on behalf of the Client for the provision of the services covered by this Contract, the Client will act as the Data Controller and Index as the Data Processor, in accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD).

The Client guarantees the legality of the data that he/she makes available to Index and the information to interested parties in accordance with Articles 13 and 14 GDPR.

The Client guarantees that it is authorized to process end-user data and has a valid legal basis for subcontracting and sharing personal data with Index for the purpose of providing services. Furthermore, the Client guarantees that it has taken appropriate and necessary measures to this end and that, in general, it complies with all applicable data protection regulations, including the information obligations under Articles 13 and 14 of the GDPR. To this end, Index provides the Client with a specific section to obtain end-user consent and to inform end-users of the Client's privacy policy at the time of registration, which is the Client's sole responsibility.

The processing of personal data carried out by Index in its capacity as Data Processor is necessary for the proper provision of the Services covered by this Contract and will be governed by the provisions of the Processing Agreement which is incorporated into the Contract as Annex I.

13. Confidentiality

Both parties agree to maintain the confidentiality of all information exchanged within the framework of this contract.

Each Party shall maintain the information to which it has access in connection with the provision of services contained herein as strictly confidential and shall not disclose any part thereof, except as permitted or required for the fulfillment of the recipient's obligations under this Agreement. Furthermore, each Party shall take appropriate measures to prevent unauthorized access to the Confidential Information. The Parties may disclose the Confidential Information and permit its use, in accordance with these General Terms and Conditions, to the following persons (provided that the conditions of this clause are observed): (a) employees and directors of the recipient who necessarily require such information to fulfill the recipient's obligations under the contractual relationship; (b) the recipient's auditors and professional advisors, solely and exclusively for the purpose of providing their professional advice; (c) if Index is the recipient, agents and subcontractors who require such information to fulfill Index's obligations under the provision of services; and (d) as required by any other legal provision.

The confidentiality restrictions set forth in this Clause shall not apply to any information to the extent that: (a) such information is in the public domain without breach of this Clause; or (b) it is in the possession of the recipient (with full right of disclosure) prior to receiving it from the other party; or (c) it is lawfully received from a third party (with full right of disclosure); or (d) it has been independently developed by the recipient without having had access to or use of the Confidential Information; or (e) disclosure is required by law, courts, or any other competent authority. The confidentiality obligations shall remain in effect for the duration of the contractual relationship between the Parties and for two (2) years thereafter. 

14. Terms of use

The following conditions are established for the use of the Platform:

  • Users must use the Platform ethically, safely and in accordance with current regulations.
  • The use of credentials by third parties and any action that may compromise the security or integrity of the system is prohibited.
  • The Client must immediately report any security incident affecting their account.

15. Communication with users

For the sole purpose of enabling Index to send commercial communications about its own products or services, the Journal is obliged to enable a specific, separate, and non-pre-selected consent option in the end-user registration process, allowing users to authorize the journal to share their email address with Index. In relation to this marketing purpose of Index, Index will act as the data controller, and the Journal will transfer data to Index based on the user's consent (Art. 6.1.a GDPR).

The Journal will not share data for Index's own marketing purposes unless it has obtained specific and separate consent from users, as set out below:

  1. Consent must be obtained individually, through a separate checkbox from any other consents intended for acceptance of the terms of use, privacy policy, sending of commercial communications from the Client or others.
  2. The Client will retain evidence of user consent (date/time, user, medium, clause text/version, IP or technical identifiers and proof of double opt-in if used).
  3. The Client will inform Index of any revocations or objections to consent, or exercise of rights notified to the Client by users.
  4. When the Client offers the option at the time of registration by Users, the Client must include an acceptance box that expresses the following:

“The User wishes to receive commercial communications, promotions, and relevant content via email related to the products or services of Index Publishing SL (hereinafter, “Index”). By checking this box, the User consents to the journal sharing the User's email address with Index. The User may revoke their consent and object to the processing of their data at any time by contacting Index at the following email address: co ******@in*******.com . Further information regarding this processing can be found in Index's Privacy Policy at the following link: https://index-360.com/politica-privacidad/ .”

16. Intellectual Property

The articles and materials shared on the Platform will be the property of their respective authors and/or, where applicable, the Client, in accordance with the licenses or assignments they have granted. Index does not acquire rights to the scientific content of the articles, except by express agreement and by virtue of the validly granted licenses or assignments.

Notwithstanding the foregoing, Index, as a company in the publishing sector, will hold the intellectual property rights that may correspond to it over its original contributions to the publishing process, including:

  • translations, adaptations or transformations of texts that reach the status of derivative work, in the terms of arts. 11 and 21 TRLPI;
  • layouts, designs, templates, covers, graphic and diagramming elements that constitute original creations;
  • the exploitation rights over the collective work that the journal as a whole may constitute, when the requirements of art. 12 TRLPI are met and unless otherwise agreed;
  • the rights that may correspond to him/her over databases generated by the Platform, where applicable.

Index grants the Client a non-exclusive license to use the necessary editorial contributions to publish and distribute the article/ journal in accordance with the contract. The Client grants Index a non-exclusive, irrevocable, worldwide license, limited to the provision of the service, to host, technically reproduce, format, and make the content available on the Platform. Any exclusive assignment, sublicense, or extension of uses or rights will require an express written agreement.

17. Limitation of liability

Index will not be responsible for:

  • Delays, errors or interruptions in service resulting from causes beyond its control, including third-party or network problems.
  • Indirect damages, loss of data, profits or any harm arising from the use of the Platform, except in cases of proven willful misconduct or negligence.
  • Success in indexing or acceptance processes in databases depends exclusively on the management and presentation of the content by the Client.
  • For the Content published on the Platform, in accordance with point 9 of these general conditions.

18. Modification of conditions

Index reserves the right to modify these terms and conditions at any time. In the event of substantial changes, the Client will be notified at least 30 days in advance of their effective date. Continued use of the Platform will constitute acceptance of the modifications.

19. Cancellation and termination

  • Cancellation: Either party may terminate the contract with 30 days' notice.
  • Non-payment: Failure to pay two consecutive invoices will entitle Index to suspend or, where appropriate, terminate the contract, applying late payment interest and corresponding management costs, without this automatically implying the loss of the service without prior formal notice of the situation.

20. Jurisdiction and applicable law

These terms and conditions shall be governed by Spanish law. For any dispute arising from their interpretation or application, the parties submit to the jurisdiction of the Courts of Barcelona, ​​expressly waiving any other jurisdiction.

21. Final acceptance

These conditions form an integral part of any quote issued by Index and will be considered accepted when the Client confirms the quote or sends the information necessary to register the journal on the Platform.

Client may contact: co ******@in*******.com

ANNEX I - Processing Agreement

INDEX PUBLISHING S.L., as the service provider and in its capacity as Data Processor (hereinafter the “ Processor ”), will process the personal data it receives from the CLIENT, as the Data Controller (hereinafter the “ Controller ”), in relation to the execution of the Contract for the provision of Services, following the instructions of the CONTROLLER.

This Data Processing Agreement (hereinafter, “Agreement”) supplements the General Terms and Conditions of INDEX PUBLISHING, SL and any other agreement between Index and the Client governing the Client's use of the Service pursuant to Articles 26 and 28 of the General Data Protection Regulation (EU) 2016/679 (hereinafter, “GDPR”) and Organic Law 3/2018 (“LOPDGDD”). In the event of any conflict between this Agreement and other terms and conditions regarding the regulation of personal data protection for the processing carried out by INDEX during the provision of its Services, this Agreement shall prevail.

All of this, in accordance with the following,

Stipulations

1. Object

1.1. The PROCESSOR, within the framework of this Agreement, will process personal data on behalf of the CONTROLLER, in accordance with the terms and conditions established in this document.

1.2. The processing is carried out for the purpose of guaranteeing the provision of Platform services according to the terms agreed in the Special Conditions and General Conditions.

1.3. The duration of the assignment will extend as long as the contractual relationship between the parties is maintained.

1.4. The personal data provided by the CONTROLLER to the PROCESSOR relates to the categories of data and interested parties specified in Appendix I.

2. Obligations of the Data Processor

The MANAGER and all his staff commit to the following:

2.1. Use the personal data being processed, or that collected for inclusion, only for the purpose of this engagement. Under no circumstances may you use the data for your own purposes.

2.2. Process the data in accordance with the documented instructions of the CONTROLLER.

2.3. If the PROCESSOR considers that any of the instructions infringe the GDPR, LOPDGDD or any other provision on data protection of the European Union or of the Member States, the PROCESSOR will immediately inform the CONTROLLER.

2.4. Do not disclose the data to third parties, unless you have the prior express written authorization of the CONTROLLER, in the legally established and admissible cases.

2.5. The PROCESSOR may disclose the data to other processors acting on behalf of the same controller, in accordance with the CONTROLLER's instructions. In this case, the CONTROLLER will identify, in advance and in writing, the entity to which the data should be disclosed, the data to be disclosed, and the security measures to be applied for the disclosure.

2.6. The PROCESSOR will transfer personal data to a third country or organization only on the documented instructions of the CONTROLLER. If the PROCESSOR is required to transfer such personal data to a third country or an international organization under applicable European Union or Member State law, it will inform the CONTROLLER of that legal requirement in advance, unless such law prohibits it for important reasons of public interest.

2.7. Likewise, the PROCESSOR is obliged to return to the CONTROLLER the support or supports with the personal data, or to destroy them, at the latter's request, once the provision of Services has ended, without keeping any copy of them.

2.8. Subcontracting.

a. The PROCESSOR may subcontract with third parties the execution of personal data processing activities for the proper provision of the Services subject to the commission.

b. Pursuant to the provisions of the GDPR and LOPDGDD, any subcontracting of the Service carried out for the fulfillment of the contract that the PROCESSOR wishes to carry out must be communicated to the CONTROLLER at the email address indicated in the Special Conditions, indicating the processing that is intended to be subcontracted and clearly and unequivocally identifying the subcontracting company and its contact details.

c. The list of authorized Sub-Managers is found in Appendix I.

d. The subcontractor, who will also have the status of processor, is equally obliged to comply with the obligations established in this document for the PROCESSOR and the instructions issued by the CONTROLLER.

e. The PROCESSOR is responsible for entering into a new contract with the new processor, ensuring that the new processor is subject to the same conditions and formal requirements as the PROCESSOR, with regard to the proper processing of personal data and the guarantee of the rights of the data subjects. In the event of non-compliance by the sub-processor, the PROCESSOR will remain fully liable to the CONTROLLER for compliance with its obligations.

2.9. The PROCESSOR may share the CONTROLLER's personal data with third-party companies at the CONTROLLER's instruction. In such cases, since the PROCESSOR is acting on the CONTROLLER's instructions, it is not required to give prior notice, and the CONTROLLER will be responsible for ensuring that the PROVIDER complies with the guarantees regarding personal data protection and its compliance with applicable regulations.

2.10. Maintain the duty of secrecy regarding the personal data to which the PROCESSOR has had access by virtue of the Services provided to the CONTROLLER, even after the relationship between them has ended.

2.11. Ensure that persons authorized to process personal data expressly and in writing commit to respecting confidentiality and complying with the corresponding security measures, which must be duly communicated to them.

2.12. Keep available to the CONTROLLER the documentation proving compliance with the obligation established in the previous section.

2.13. Ensure that the necessary training in personal data protection is provided to the persons authorized to process such data.

2.14. To assist the CONTROLLER, taking into account the nature of the processing, through appropriate technical and organizational measures, whenever possible, so that the CONTROLLER can fulfill its obligation to respond to requests for the exercise of the rights of data subjects.

2.15. When data subjects exercise their rights of access, rectification, erasure, and objection, as well as the right to restriction of processing, data portability, and the right not to be subject to automated individual decision-making, the PROCESSOR must notify the CONTROLLER by email to the address provided by the CONTROLLER. This notification must be made as soon as possible, with every effort being made to ensure it occurs within 3 business days of receiving the request, and must include, where applicable, any other information that may be relevant to resolving the request.

2.16. Right to information. It is the responsibility of the CONTROLLER to provide the right to information at the time of collecting the data of the interested parties.

2.17. Data security breach notification

a. The PROCESSOR shall notify the CONTROLLER, without undue delay, and in any case before the maximum period of 36 hours, and through a simple communication, of the security breaches of which it becomes aware of the data under its charge, together with all relevant information and documentation of the incident.

b. Notification will not be required when it is unlikely that such a security breach constitutes a risk to the rights and freedoms of natural persons.

c. The notification shall include at least the following information:

i. Description of the nature of the personal data breach, including, where possible, the categories and approximate number of data subjects affected, and the categories and approximate number of personal data records affected.

ii. The name and contact details of the data protection officer or other contact point where further information can be obtained.

iii. Description of the possible consequences of the breach of personal data security.

iv. Description of the measures taken or proposed to remedy the personal data breach, including, where appropriate, measures taken to mitigate its possible adverse effects. If and to the extent that it is not possible to provide the information simultaneously, the information shall be provided in stages without undue delay.

2.18. To support the CONTROLLER in carrying out data protection impact assessments, where appropriate.

2.19. To support the CONTROLLER in carrying out the necessary consultations with the supervisory authority, where appropriate.

2.20. To make available to the CONTROLLER all the information necessary to demonstrate compliance with its obligations, as well as for the performance of audits or inspections carried out by the controller or another auditor authorized by him, when required.

2.21. Security Measures. The PROCESSOR undertakes to apply the necessary security measures to personal data to prevent its alteration, loss, unauthorized processing, or access, taking into account the state of the art, the nature of the data stored, and the risks to which it is exposed, whether arising from human action or the physical or natural environment. In this regard, in accordance with Articles 24 and 32 of the GDPR, the PROCESSOR is obliged to have implemented appropriate technical and organizational security measures.

2.22. Specifically, the MANAGER will adopt the security measures set out in Appendix I.

2.23. The PROCESSOR undertakes to destroy the data once the service has been completed. However, the PROCESSOR may retain a copy, with the data duly blocked, for as long as liabilities may arise from the performance of the service.

 

3. Obligations of the data controller

The CONTROLLER undertakes to:

3.1. Respond to the personal data being processed.

3.2. Carry out an assessment of the impact on the protection of personal data of the processing operations to be carried out by the processor where appropriate.

3.3. To guarantee the duty to inform interested parties in accordance with Articles 13 and 14 GDPR.

3.4. Make the necessary preliminary inquiries.

3.5. To ensure, both before and throughout the processing, compliance with the GDPR and LOPDGDD by the PROCESSOR.

3.6. Communicate changes to the basic data structure that imply or may imply a change in the application of security measures.

3.7. To provide the CONTROLLER with access only to data that is adequate, relevant and not excessive, due to the purpose of the contracted Service.

3.8. The CONTROLLER must guarantee to the data subject, based on the nature, scope, context and purposes of the processing, pursuant to Article 24 of the GDPR, that it has adopted the appropriate technical and organizational measures to maintain the security of the personal data provided.

3.9. It is the responsibility of the CONTROLLER to communicate data security breaches to the interested parties as soon as possible, when the breach is likely to pose a high risk to the rights and freedoms of natural persons.

Communication must be in clear and simple language and must, at a minimum:

a. Explain the nature of the data breach.

b. Indicate the name and contact details of the data protection officer or other contact point where further information can be obtained.

c. Describe the possible consequences of a personal data security breach.

d. Describe the measures taken or proposed by the controller to remedy the personal data breach, including, where appropriate, measures taken to mitigate its possible adverse effects.

3.10. The CONTROLLER will ensure that the Service Providers or third-party companies to which the PROCESSOR communicates personal data under the CONTROLLER's instructions comply with the guarantees regarding data protection and other applicable regulations and is responsible to the PROCESSOR.

APPENDIX I TO THE TREATMENT COMMISSION

1. Types of personal data provided by the CONTROLLER to the PROCESSOR:

a. Identification and contact information:

  • Name, surname.
  • Email.
  • Alias/username, Internal user ID, Account ID.
  • Email address.
  • Telephone (mobile/landline).
  • Profile picture or avatar if the interested party voluntarily decides to include an identifying image.

b. Credentials and access control:

  • User name.
  • Password / Password Hash.
  • Authentication/session tokens.

c. Usage data, profile and personalization:

  • Photo/avatar.
  • Profession and workplace.
  • Position/role on the platform (reader, author, reviewer, editor, subscriber).
  • Communication preferences (e.g., subscription to operational newsletters from the Journal ),
  • UI language, accessibility settings.
  • Preferred country/language.

c. Technical data and telemetry

  • IP address, user-agent, operating system, resolution.
  • Technical identifiers (session/device ID).
  • Strictly necessary cookies and, where instructed, analytical identifiers.
  • User behavior on the platform when logged in: content viewed.

and. Support and user service

  • Tickets/inquiries and histories.
  • Attachments and documents provided by the user.
  • Diagnostic metadata (IDs, timestamps, user-submitted captures).

f. Subscriptions, transactions and billing (if the Journal sells subscriptions/products)

  • Subscription/plan status, sign-up/renewal/cancellation dates.
  • Tokenized PSP payment identifiers (e.g., masked last 4 digits, first and last name, email address, and method ID).
  • Billing information and tax receipts for the Journal .

g. Consent and compliance management

  • Acceptance of the Journal 's Terms and Conditions/Privacy Policy.
  • Consent traces (timestamp, text version, origin, IP).
  • Withdrawal/opposition registers and suppression lists (do-not-contact).

h. User-contributed content (according to editorial functionalities)

  • Texts, files and uploaded metadata (e.g., manuscripts, brief CV, declarations).
  • Comments/notes/messages in editorial flows.
  • Articles, including author names, can be shared with other international indexes or articles. This is based on the execution of a contract.

i. Security and prevention of fraud/abuse

  • Security logs (failed attempts, blocks, technical reputation).
  • Integrity signals (bot detection, rate-limits).

j. Operational analytics on behalf of the Journal (pseudonymized/grouped)

  • Usage KPIs, retention, send/read funnels.

2. The personal data processed by the PROCESSOR of the CONTROLLER corresponds to the following categories of data subjects:

  • End customers or end users of the CONTROLLER.
  • Workers or staff dependent on the RESPONSIBLE.

3. Type of treatment performed

The Commission will involve the following data processing:

  • Data storage and preservation.
  • Access to and consultation of information.
  • Data analysis and processing.
  • Information transformation.

4. Security measures:

  • Regular cloud and physical backups.
  • Services are protected under VPN.
  •  User control.
  • User access via username and password.
  • Access control by roles and restriction by privilege levels.
  • Hashed passwords.
  • Database encryption 
  • Access to internal databases and repositories via 2FA.

5. Sub-processors or suppliers authorized by the CONTROLLER and International Data Transfers: