Legal

Privacy Policy

Privacy Policy

1. Controller

The party responsible for the processing of personal data on this website within the meaning of the EU General Data Protection Regulation (GDPR) and other data protection regulations is:

no fluff
Dr. Julian Börger
Dr. Jannik Nitz
Klosterstr. 79b, 50931 Cologne, Germany
E-mail: contact@disie.online

A data protection officer is not legally required and has not been appointed.

2. Categories of personal data we process

Operating the DISIE platform (www.disie.online and review.disie.online) involves the following categories of personal data:

  • Server log files (IP address, user agent, timestamp, requested resource)
  • User accounts on the submission and review platform (name, e-mail, optionally ORCID iD, affiliation)
  • Manuscript submissions including files, metadata, and correspondence
  • Review reports, comments, and editorial decisions
  • Publication metadata (author names, affiliations, DOI, publication date)
  • Pseudonymous access statistics via Matomo
  • Billing data where an Article Processing Charge (APC) applies

3. Hosting and server log files

The platform is hosted on servers operated by IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. A data processing agreement under Art. 28 GDPR is in place with the hosting provider.

Each request to a page generates technically necessary log data: IP address, date and time of access, browser, operating system, requested URL, and referrer. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure and stable operation). Logs are deleted or sufficiently shortened after 7 days at the latest unless security-relevant incidents require longer retention.

4. Cookies and similar technologies

DISIE uses only technically necessary cookies and session storage required to operate the platform: login session, CSRF protection for forms, and language preference. These are deleted at the end of the session or after a short retention period. Legal basis: § 25 (2) (2) TDDDG (German implementation of the ePrivacy directive) and Art. 6 (1) (f) GDPR. We do not use advertising, tracking, or cross-site profiling cookies; consent via a cookie banner is therefore not required.

5. Web analytics with Matomo

We use Matomo, an open-source analytics tool, on a self-hosted instance at stats.no-fluff.de in Germany (IONOS infrastructure). The configuration is privacy-preserving:

  • IP addresses are truncated before storage (anonymisation)
  • No tracking cookies are set
  • The Do-Not-Track setting of your browser is respected; matching requests are not recorded
  • Data is not shared with third parties; everything stays on our own infrastructure

Purpose: anonymous reach measurement and improvement of the service. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest). Anonymous statistics are deleted or aggregated after 24 months.

6. User accounts on the submission and review platform

A user account is required to submit a manuscript or to participate in the review process on review.disie.online. We process: name, e-mail address, optionally ORCID iD, affiliation, academic website, and the time and IP of each login (for account security).

Legal basis: Art. 6 (1) (b) GDPR (performance of the contract with authors and reviewers) and Art. 6 (1) (f) GDPR (legitimate interest in account security). Retention: for the duration of the contractual relationship; inactive accounts are deleted 5 years after the last activity unless retention obligations from published material apply.

7. Manuscript submissions and peer review

Submitted manuscripts, files, cover letters, and correspondence during peer review are used exclusively for editorial processing.

  • Manuscripts are visible to the assigned reviewers and the editor in pseudonymised form.
  • DISIE operates a double-anonymous review process: authors and reviewers do not learn each other's identities during the review.
  • Subject to the participants' consent, reviews, author responses, and decision letters are published alongside the article as transparent peer review. Consent can be withdrawn at any time; in that case the corresponding documents are not published.

Legal basis: Art. 6 (1) (b) GDPR (performance of the review process) and, for transparent peer review publication, Art. 6 (1) (a) GDPR (consent).

Retention: rejected submissions are deleted 24 months after the decision. Accepted manuscripts are retained permanently in line with scientific archival obligations.

8. Publication and DOI registration

Once a manuscript is accepted for publication, the following data become permanently public:

  • Title, abstract, full text (open access)
  • Author names, affiliations, optionally ORCID iD
  • Keywords, section, publication date, DOI

To register the DOI we transmit these metadata to Crossref (Crossref, 50 Salem Street, Lynnfield, MA 01940, USA), the central authority for issuing and resolving scholarly DOIs. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in permanent citability and discoverability). The transfer to the USA is based on the EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR) and any additional safeguards.

9. ORCID integration

Authors may voluntarily link an ORCID iD to their account. Signing in via ORCID exchanges data with ORCID Inc. (10411 Motor City Drive, Suite 750, Bethesda, MD 20817, USA). Which fields are transmitted depends on your ORCID privacy settings. Legal basis: Art. 6 (1) (a) GDPR (consent). The third-country transfer is based on your consent and the EU Standard Contractual Clauses.

10. E-mail communication

System notifications (account verification, review invitations, status updates, editorial decisions) are sent from the IONOS server itself. We do not use an external e-mail dispatch service. Legal basis: Art. 6 (1) (b) GDPR (performance of the contract).

11. Recipients and processors

Personal data are shared with the following processors:

  • IONOS SE, Montabaur, Germany — hosting, infrastructure for Janeway, the typesetter, and the Matomo instance. A data processing agreement under Art. 28 GDPR is in place.

Transfers to third countries occur only in the context of DOI registration with Crossref (USA) and the optional ORCID integration (USA); see sections 8 and 9.

12. Retention overview

CategoryRetention
Server logsup to 7 days
Anonymous Matomo statistics24 months
Rejected submissions24 months after decision
Accepted / published articlespermanent (scientific archive duty)
Inactive user accounts5 years after last activity
Billing data10 years (tax retention duty, § 147 AO)

13. Your rights

You have the right to:

  • access (Art. 15 GDPR)
  • rectification (Art. 16 GDPR)
  • erasure (Art. 17 GDPR)
  • restriction of processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • object to processing (Art. 21 GDPR)
  • withdraw any consent with effect for the future (Art. 7 (3) GDPR)

Please direct any such request to contact@disie.online.

14. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority about the processing of your personal data. The competent authority is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Kavalleriestraße 2-4, 40213 Düsseldorf — www.ldi.nrw.de.

15. Status and changes

This privacy notice was last updated on 28 May 2026. Adjustments may become necessary if we change our service or if the legal framework changes; the current version is always available at https://www.disie.online/site/privacy/.