Privacy Statement

The German version is the legally binding text under the GDPR. This English translation is provided as a courtesy.

1. Controller

Controller within the meaning of the GDPR is Dr. Jannik Nitz, editor of DISIE. Contact information is in the Legal Notice.

2. What we collect and why

Reader visits. When you read articles or browse the journal, our server logs your IP address, the requested URL, the timestamp, the referer, and your user-agent string. Logs are kept for at most 30 days for operational and security purposes (Art. 6(1)(f) GDPR — legitimate interest in operating a stable, secure service).

Reader / author / reviewer accounts. Account creation requires a name, an email address, an affiliation, and a password. Optionally we store your country, biography, ORCID iD, and notification preferences. We use these data to operate the journal: send transactional emails about submissions and reviews, display the editorial masthead and author bylines, and (with separate opt-in) send occasional announcements. Legal basis: Art. 6(1)(b) GDPR (contract / pre-contract for authors and reviewers) and Art. 6(1)(a) GDPR (consent for the optional announcement opt-in).

Submissions and editorial workflow. Manuscript files, review reports, editorial decisions, and discussion threads are stored on our German server for the duration of the editorial workflow and as part of the published-record archive thereafter (Art. 6(1)(b) and (f) GDPR; scientific archive interest).

3. CAPTCHA

The login, registration, and password-reset forms use ALTCHA, a self-hosted, proof-of-work challenge that runs entirely on our server. ALTCHA does NOT call any third-party service, does NOT set cookies, and does NOT track users across sites. No data leaves our server because of CAPTCHA.

4. ORCID

If you choose to connect your ORCID iD via the "Sign in with ORCID" button, you are redirected to ORCID (orcid.org, ORCID Inc., USA) where you authenticate. ORCID returns to us the iD you authorised us to receive. Connecting an ORCID iD is voluntary; the journal works without it. ORCID's own privacy notice applies during the redirect: orcid.org/privacy. Legal basis: Art. 6(1)(a) GDPR (your consent at the moment of clicking the button).

5. DOI registration with Crossref

On article publication we register a DOI with Crossref (PILA, USA). The Crossref deposit contains the article's metadata: title, abstract, author names, affiliations, ORCID iDs (if provided), and the article URL. This is technically a transfer of personal data to a third country (USA). We rely on the standard contractual clauses Crossref publishes for this transfer. Authors who wish to publish without their personal data appearing in the Crossref deposit must let the editor know before galley proof. Legal basis: Art. 6(1)(b) GDPR (publication is the contractual purpose) and Art. 49(1)(d) GDPR (transfer in the public interest of scholarly communication).

6. OAI-PMH harvesting

Article metadata is exposed via the OAI-PMH protocol so search engines and indexing services (DOAJ, BASE, Google Scholar, etc.) can harvest it. Same scope as the Crossref deposit: title, abstract, author names, affiliations, ORCID iDs (if provided). No reader, reviewer, or editorial-workflow data is exposed via OAI-PMH.

7. AI tools and confidentiality

DISIE itself does not pass submitted manuscripts, reviewer reports, or other confidential editorial material through any external AI service. Where editorial use of AI happens at all, it is limited to locally operated tools that do not transmit content to third-party providers. Authors may use AI in preparing their own submissions and must disclose such use (see Author Guidelines). Reviewers must not paste manuscripts into hosted AI services (see Reviewer Guidelines).

8. Cookies

We set a session cookie (OJSSID) when you log in. It expires on logout or after 30 days of inactivity. The cookie holds nothing more than the session identifier and is required for the editorial workflow to function (Art. 6(1)(f) GDPR — strictly necessary). We set no analytics, advertising, or cross-site tracking cookies. Google Analytics and similar third-party tracking are explicitly disabled.

9. Article processing charges and payment data

Authors of accepted articles are invoiced an APC of 380 EUR. Invoices are issued by no fluff (Inhaber: Dr. Jannik Nitz, Klosterstr. 79b, 50931 Köln) — the editor's sole proprietorship that operates the journal. For invoicing we process: corresponding author name and billing address (provided on acceptance), institutional affiliation if applicable, invoice number, payment date, payment method, and the article-identifier link. Legal basis: Art. 6(1)(b) GDPR (contract — the publication agreement) and Art. 6(1)(c) GDPR (compliance with commercial-law and tax-law record-keeping obligations under § 14, § 14a UStG and § 147 AO).

Payment data is stored on the editor's business systems for the legally required record-keeping period (10 years for invoices). Bank account information you provide for SEPA transfers is processed by the editor's German business bank under that bank's privacy notice; we do not transfer payment data to any third country. Waiver applications and the corresponding decisions are kept with the editorial record; we do not request income proof for waivers.

10. Your rights under the GDPR

You have the right to information (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21). To exercise any of these rights, email the editor at jannik.nitz@uni-koeln.de. You also have the right to lodge a complaint with a data-protection supervisory authority — for North Rhine-Westphalia, the Landesbeauftragte für Datenschutz und Informationsfreiheit (LDI NRW): ldi.nrw.de.

11. Hosting

The platform is hosted on servers operated by IONOS SE, located in Germany. The processing agreement (AVV / Art. 28 GDPR) with the hosting provider is on file with the editor.