Privacy Statement

1. Data Controller

This journal operates under the responsibility of the Publisher and Editorial Office. The Publisher acts as Data Controller in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR).

For privacy-related inquiries, please contact:
editor@rheumatologybg.org

2. Personal Data We Collect

Through the Open Journal Systems (OJS 3.5) platform, we collect and process the following personal data:

  • Name and surname

  • Institutional affiliation

  • Email address

  • ORCID iD (if provided)

  • Country

  • Account username

  • IP address (system-generated)

  • Reviewer activity and editorial history

  • Correspondence related to submissions

No sensitive personal data are intentionally collected.

3. Purpose of Data Processing

Personal data are processed exclusively for the following purposes:

  • Management of manuscript submission and peer review

  • Editorial decision-making

  • Communication with authors, reviewers, and editors

  • Publication of accepted articles

  • Indexing and archiving in bibliographic databases

  • Compliance with ethical and publishing standards

  • Prevention of publication misconduct

Legal basis for processing:

  • Performance of a contract (Article 6(1)(b) GDPR)

  • Legitimate interest in scholarly publishing (Article 6(1)(f) GDPR)

  • Legal obligations related to scientific publishing and archiving

4. Publication and Public Disclosure

For accepted articles, the following information becomes publicly available:

  • Author names

  • Affiliations

  • Corresponding author email

  • ORCID iD (if provided)

  • Acknowledgements and funding disclosures

Published articles are distributed under a Creative Commons license (CC BY 4.0 unless otherwise stated).

Metadata are shared with indexing and abstracting services, including but not limited to:

  • Scopus

  • Crossref (for DOI registration)

  • Google Scholar

Such dissemination is part of standard scholarly publishing practice.

5. Data Storage and Security

The journal uses Open Journal Systems (OJS 3.5), which implements technical and organizational safeguards including:

  • Role-based access control

  • Password-protected accounts

  • Secure server hosting

  • Restricted editorial access

Personal data are stored only as long as necessary for editorial, legal, and archiving purposes.

6. Data Sharing

Personal data are not sold or used for commercial marketing purposes.

Data may be shared only with:

  • Editors and reviewers involved in manuscript evaluation

  • Technical service providers hosting the OJS platform

  • Indexing services and archiving repositories

  • Research integrity and ethics bodies when required

All data transfers comply with applicable data protection regulations.

7. User Rights (GDPR)

In accordance with GDPR, users have the right to:

  • Access their personal data

  • Request correction of inaccurate data

  • Request erasure where legally permissible

  • Restrict processing

  • Object to processing based on legitimate interest

  • Request data portability

Requests should be sent to the Editorial Office email address.

Please note that removal of published metadata may not be possible where it conflicts with scholarly record integrity.

8. Cookies and Log Data

OJS uses cookies necessary for authentication and system functionality. These cookies do not track users for marketing purposes.

Server logs may store IP addresses for security and technical maintenance.

9. Third-Party Services

The journal may integrate services such as:

  • ORCID authentication

  • Crossref DOI registration

  • Similarity checking software

  • Indexing databases

These services operate under their own privacy policies.

10. Policy Updates

This Privacy Statement may be updated periodically to reflect legal, technical, or editorial changes. The current version is published on the journal website.