Privacy Statement

Privacy Statement

Last updated: 28.02.2026

SERA Open Press ("we," "our," or "the Publisher") is committed to protecting the privacy of all individuals who interact with our journals and publishing platform. This Privacy Statement explains how we collect, use, store, and protect personal data in accordance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and applicable Romanian data protection legislation.

Data Controller

SERA Open Press Romania

Contact for data protection inquiries: privacy@serapress.com

What Personal Data We Collect

We collect and process personal data necessary for the operation of our scholarly publishing platform. This includes:

From Authors

  • Full name, institutional affiliation, and country
  • Email address and ORCID iD (if provided)
  • Biographical statement (if provided)
  • Manuscript files, cover letters, and submission metadata
  • Correspondence related to the editorial process

From Reviewers

  • Full name, institutional affiliation, and country
  • Email address and ORCID iD (if provided)
  • Areas of expertise
  • Review reports and editorial correspondence
  • Review history (completion rates, response times)

From Editors

  • Full name, institutional affiliation, and country
  • Email address and ORCID iD
  • Editorial decisions and correspondence

From Readers and Website Visitors

  • IP address and browser information (via server logs)
  • Usage data (pages visited, download statistics)
  • Information voluntarily provided through registration or contact forms

Legal Basis for Processing

We process personal data on the following legal bases under GDPR Article 6:

  • Performance of a contract (Article 6(1)(b)): Processing necessary to manage manuscript submissions, conduct peer review, and publish accepted articles.
  • Legitimate interest (Article 6(1)(f)): Processing necessary for the operation of our publishing platform, prevention of fraud, and improvement of our services.
  • Consent (Article 6(1)(a)): Where applicable, such as for optional communications or newsletter subscriptions. Consent may be withdrawn at any time.
  • Legal obligation (Article 6(1)(c)): Where required to comply with applicable laws and regulations.

How We Use Personal Data

Personal data is used exclusively for purposes related to scholarly publishing:

  • Managing the submission and peer review process
  • Communicating with authors, reviewers, and editors about manuscripts
  • Publishing accepted articles (author names, affiliations, and article metadata are made publicly available as part of the published record)
  • Registering Digital Object Identifiers (DOIs) with Crossref
  • Generating anonymized usage statistics (e.g., download counts)
  • Improving our platform and editorial processes
  • Complying with legal and regulatory requirements

Data Sharing and Third Parties

We may share personal data only where necessary for the publishing process:
Crossref  - Author names, affiliations, article metadata - DOI registration and metadata indexing
ORCID - ORCID iD (if provided by user), Author identification and profile linking
PKP Preservation Network - Published article content and metadata -  Long-term digital preservation
Hosting provider - All platform data (encrypted) - Infrastructure and server operations

We do not sell, rent, or trade personal data to any third party. We do not use personal data for advertising or marketing purposes unrelated to our publishing activities.

AI-Assisted Editorial Tools

SERA Open Press uses AI-assisted tools in certain editorial processes (see our AI Transparency Statement for details). When AI tools process manuscript data:

  • Processing occurs through enterprise-grade services with zero data retention policies, or through self-hosted models
  • Manuscript content is never used to train third-party AI models
  • AI processing is limited to administrative functions (plagiarism checks, formatting validation, reviewer matching) and does not involve editorial judgment
  • All AI data processing complies with GDPR requirements

Data Retention

We retain personal data for the following periods:

Published article metadata (author names, affiliations) - Indefinitely, as part of the permanent scholarly record
Submission and review records - 10 years after final editorial decision, for audit and integrity purposes
Reviewer records - Duration of active reviewer status plus 5 years
Server logs and usage data - 12 months
Account data for inactive accounts - 3 years after last activity, then anonymized or deleted

After the retention period, personal data is either anonymized or securely deleted.

Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls limiting data access to authorized personnel
  • Regular security assessments of our platform
  • Secure server infrastructure with regular backups

Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access (Article 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17): Request deletion of your personal data, subject to legal and legitimate retention requirements. Note: published scholarly records may be exempt from erasure requests to preserve the integrity of the academic record.
  • Right to restriction of processing (Article 18): Request that we limit how we process your data.
  • Right to data portability (Article 20): Receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21): Object to processing based on legitimate interest.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@serapress.com. We will respond within 30 days.

Right to Lodge a Complaint

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Romania, the relevant authority is:

Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP) Website: https://www.dataprotection.ro

Cookies

Our website uses essential cookies necessary for platform functionality (e.g., session management, user authentication). We do not use tracking cookies or third-party advertising cookies. If analytics cookies are used in the future, we will obtain your consent before activating them.

Changes to This Statement

We may update this Privacy Statement periodically to reflect changes in our practices or legal requirements. Material changes will be communicated through our website. The "Last updated" date at the top of this page indicates the most recent revision.