GDPR Compliance Statement

Effective Date: February 12, 2026

ScholarNote is committed to protecting personal data and respecting the privacy rights of individuals in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This statement outlines how ScholarNote acts as a data processor and, in certain contexts, as a data controller, and describes the measures implemented to ensure lawful, transparent, and secure data processing.

1. Scope of This Statement

This GDPR Statement applies to all personal data processed through the ScholarNote platform relating to authors, reviewers, editors, administrators, institutional users, and other stakeholders located in the European Economic Area (EEA).

2. Roles and Responsibilities

  • Data Controllers: Journals, publishers, and institutions using ScholarNote determine the purposes and means of processing personal data.
  • Data Processor: ScholarNote processes personal data solely on documented instructions from the data controller.

3. Lawful Bases for Processing

ScholarNote processes personal data under one or more lawful bases, including:

  • Performance of a contract
  • Legitimate interests in operating scholarly workflows
  • Compliance with legal obligations
  • User consent where required

4. Categories of Personal Data

  • Identification data (name, affiliation, role)
  • Contact data (email address, professional contact details)
  • Account and authentication data
  • Academic and publishing data (manuscripts, reviews, metadata)
  • Technical and usage data (IP address, system logs, device information)

5. Data Subject Rights

Under GDPR, individuals have the right to:

  • Access their personal data
  • Rectification of inaccurate or incomplete data
  • Erasure (“right to be forgotten”) where applicable
  • Restriction of processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

6. Data Security Measures

ScholarNote implements appropriate technical and organizational measures including:

  • Role-based access control
  • Secure authentication and authorization mechanisms
  • Data encryption and secure storage practices
  • Audit logging and monitoring
  • Regular system updates and vulnerability management

7. Data Retention

Personal data is retained only for as long as necessary to support scholarly publishing workflows, contractual obligations, and legal requirements. Journals and institutions may define additional retention schedules in accordance with their governance policies.

8. International Data Transfers

Where personal data is transferred outside the EEA, ScholarNote ensures appropriate safeguards are in place, including contractual data protection clauses and recognized transfer mechanisms.

9. Sub-Processors

ScholarNote may engage vetted sub-processors to support hosting, infrastructure, analytics, or communication services. All sub-processors are contractually obligated to comply with GDPR and maintain appropriate security standards.

10. Data Breach Management

ScholarNote maintains documented incident response procedures. In the event of a personal data breach, ScholarNote will notify the relevant data controllers without undue delay and provide necessary information to support regulatory reporting obligations.

11. Privacy by Design and Default

ScholarNote incorporates data protection principles into system architecture, product development, and operational processes to ensure only necessary personal data is processed and that privacy safeguards are enabled by default.

12. Contact and Data Protection Enquiries

For GDPR-related questions, data subject requests, or compliance enquiries, please contact:

ScholarNote Data Protection Office

Email: support@scholarnote.ac

This GDPR Statement supports ScholarNote’s commitment to lawful, transparent, and responsible processing of personal data within the global scholarly ecosystem.