Submissions

Privacy Statement

Principles Governing the Processing of Personal Data

The principles governing the processing of personal data are defined by the EU General Data Protection Regulation (hereafter: GDPR). Personal data are any information relating to an identified or identifiable natural person. This includes information such as your name, age, mailing or IP address, telephone number, date of birth, email address, and user behaviour. Information that does not allow us to identify you (or would only enable us to do so with disproportionate effort) because the information is anonymized, for example, is not considered personal data. When we collect and use personal data, we strictly limit ourselves to what is technically necessary and comply with the legal provisions. We only collect and use personal data if you have given your consent or if we are legally permitted to do so. It is important to us that you understand why we collect which data and what we use it for. We explain this in the following information on data protection.

Usage data is stored as part of the use of websites in the domain mentioned below. This data is used to identify and track unauthorized attempts to access our website. They also serve to create anonymous access statistics and thus to improve the structure of the website.

These personal data are not disclosed to third parties nor used outside of the ETH Learning and Teaching Journal or Freie Universität Berlin, unless you have granted us your consent to do so or we are required or authorized by law to do so (for example, in relation to law enforcement or suspected plagiarism and other copyright infringements).

Data Controller and Scope

The data controller as defined under the GDPR – as well as other national data protection laws of individual member states and data protection regulations – is:

ETH Zurich, Rämistrasse, 8092 Zürich

We will be happy to answer any questions you may have about our data protection policy. If you have any questions, please contact the Online Editorial Department:

journal@let.ethz.ch

This privacy statement applies to the web presence of learningteaching.ethz.ch hosted by FU Berlin based on the content management system Open Journal Systems.

Specific Data Processing Activities

1. Website provision and usage

• Type and scope of data processing

Whenever you access the above-mentioned domain, a log file is automatically created and stored on the server. This log file includes the following data:

• the website you visited
• the web page from which you accessed our web page (plus the terms entered if this was a search engine)
• date
• time
• the operating system used
• features of the display (resolution in pixels and the pixel ratio for the detection of high-resolution displays) and the browser used (Internet Explorer, Firefox, Opera, etc.)

The log file also stores the volume of the transmitted data, an HTTP status code (for example, to identify a successfully transmitted web page), and the IP address of the device used to access the page (e.g., PC or smartphone) – whereby the IP address is immediately anonymized by the erasure of the last octet of the address.

The data stored in the log file is collected and used solely for anonymous evaluation for statistical purposes (for example, an analysis of user behavior, which pages of the website or subdomain are accessed, which browsers are used, etc.) and thereby serves to improve our services. As IP addresses are anonymized in the way described above, they cannot be mapped to a specific user and cannot be traced to a specific IP address.

• Legal basis

The legal basis for our data processing is Article 6.1.1.e GDPR in conjunction with Section 3 of the Berlin Data Protection Act (BlnDSG) Section 4 of the Berlin Higher Education Act (BerlHG), and Article 6.1.1.c GDPR in conjunction with Section 13.7 of the German Teleservices Act (TMG). The processing of said data is required in order to provide and maintain the website and thus serves Freie Universität Berlin in performing a task carried out in the public interest.Storage period

The log files for the ongoing and previous calendar year are stored for evaluation purposes. In this case, the IP addresses are anonymized. The data are then erased.

2. Registration

In order to be able to submit or review articles, authors and reviewers must register and log in on our website. Registration is required to complete the review process. The legal basis for the collection and processing of the registration data is Article 6.1.b GDPR. The data requested in the registration form will be saved. They serve to uniquely identify the person registering, which is necessary to manage access rights for the submission and review process. The e-mail address provided during registration will be used for communication in the assessment process. Registered users can request the deletion of their accounts by contacting us at the email address given above. Please note that information from the submission and review process will not be affected by the deletion as it belongs to the submitted/reviewed manuscript. Only the account and the personal data it contains will be deleted.

3. Use of Google reCAPTCHA

When registering on our website, we use the Google reCAPTCHA feature to prevent abusive activity by spam bots. When completing registration on our website, the protected reCAPTCHA checkbox must be activated. When the registration page is called up, personal data (e.g. IP address, access location and time) is thereby forwarded to Google. For more information, please visit https://developers.google.com/recaptcha/. If you do not wish to use reCAPTCHA but would still like to create an account with Landscape Online, please send an e-mail to the contact provided above.

4. Orcid-ID und Orcid Profile Plugin

When submitting an article or registering an account, users can enter their Orcid ID and have it verified with the OJS Orcid Profile Plugin via their Orcid account. To do this, the authors must actively log in to Orcid with their ORCID access data and authorize access to their Orcid profile. This authorization constitutes consent to use the Orcid ID in the publication process. Verified Orcid IDs are made publicly available as publication metadata. The use takes place exclusively with consent and on the legal basis of Article 6.1.a GDPR.

5. Personal data for submissions

Personal data submitted together with contributions (in particular names, institutional affiliation, biographical information, e-mail and homepage address) will be published together with the contribution if it is published. The legal basis for processing this data is provided by Article 6.1.b GDPR.

6. Newsletter

Provided that you have expressly consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to send you a regular newsletter. By registering to receive the newsletter, the visitor expressly agrees to the processing of the transmitted personal data. All that is required to register to receive the newsletter is to provide an e-mail address. It is possible to unsubscribe from the newsletter at any time. To do so please send an e-mail to the contact provided above.

7. Data processing and contact requests

• Type and scope of data processing

On some pages of our website we offer you the opportunity to get in touch with us via a pre-configured contact form. You will be notified of this data protection policy when you are about to submit your data via the contact form. Your email address will be processed if you choose to make use of such a contact form. Submitting your email address to us allows us to properly keep track of your query and to respond to it. The data you have submitted on the contact form will not be disclosed to third parties.

In the event that contact is made via email, the other personal data stated in the message (name, query subject, attachments, date, and time) will be processed along with the sender’s email address.

• Legal basis

Data processing for the purposes of making contact via the contact form as described above is performed on the basis of your voluntarily given consent pursuant to Article 6.1.a GDPR. The legal basis for the processing of personal data in relation to email queries is based on Article 6.1.e GDPR in conjunction with Section 4 BerlHG.

8. Usage Statistics

In order to be able to analyse usage and impact of our journal and the published articles, we collect and log access to the journal’s homepage, issues, articles, galleys and supplementary files. In the process all data is anonymised. No personal information is logged. IP addresses are anonymised by being hashed (using SHA 256) in combination with a secure 64 characters long salt that is automatically randomly generated and overridden on a daily basis. Therefore IP addresses cannot be reconstructed.

The following information is collected next to the anonymised IP addresses:

• Access type (i.e. administrative)
• Request time
• Requested URL
• HTTP status code
• Browser

The collected data is only used for evaluation purposes. No IP addresses are mapped to user IDs. It is technically impossible to trace a specific set of data to a specific IP address.

If you wish you can opt-out of the data collection process. By clicking the <link to https://DOMAIN/usageStats/privacyInformation>, you can actively decide against participating in the statistical analysis. When clicking the opt-out button a cookie is being created on your system to store your decision. If the privacy settings of your browser lead to cookies being automatically deleted you will have to opt-out again the next time you access this website. The cookie is only valid for one browser. If you use a different browser, you will have to opt out again. No individual information is stored within this cookie. This cookie lease is valid for one year after your last access.

Please bear in mind that general server logs are not affected by your decision to opt-out of the detailed evaluation process.

Disclosure of Data

We will only disclose your personal data to third parties when:

• You have given your explicit consent pursuant to Article 6.1.1.a GDPR.
• This is legally permissible and required for the performance of a contract to which you are party pursuant to Article 6.1.1.b GDPR.
• Disclosure of personal data is necessary for compliance with a legal obligation pursuant to Article 6.1.1.c GDPR.
• Disclosure of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Freie Universität Berlin pursuant to Article 6.1.1.e GDPR.

We will notify you if your personal data are to be disclosed due to specific circumstances in an individual case.

Use of cookies on our website

• Type and scope of data processing

We use cookies on our website. Cookies are small files that are sent to the browser of your end device and stored there during your visit to our website. We are unable to offer some functions of our website without the use of certain cookies required for technical reasons. Other cookies allow us to carry out different analyses. For example, if you revisit our website, cookies are able to recognize the browser you use and transmit different kinds of information to us. Using cookies allows us to make our website more user-friendly and effective for you by tracing your use of our website and determining your preferred settings (for example, country and language settings). If third parties process information via cookies, they collect this information directly via your browser. Cookies do not inflict any damage on your end device. They cannot run programs on your end device and do not contain viruses.

• Legal basis

Article 6.1.1.e GDPR in conjunction with Section 3 of the BlnDSG, Section 4 BerlGH, and Article 6.1.1.c GDPR in conjunction with Section 13.7 TMG, serve as the legal basis for data processing of technically necessary cookies. We must obtain your consent for cookies that are not technically necessary and third-party cookies. If you have given your consent to the use of cookies on the basis of one of the notifications on our website (“cookie banner”), the lawfulness of said use also complies with Article 6.1.1.a GDPR. You can revoke your consent at any time with future effect by deactivating cookies in your browser settings.

1. Storage period

As soon as the data transferred via cookies are no longer required to fulfill the purposes described above, this information will be erased, especially if you deactivate cookies. This is usually the case when you close your browser window. The data will only be stored in exceptional cases, for example, if this has been stipulated by law.

Social Media Channels

Our journal gives you the opportunity to share content from our website on your social media channels. For this we use a special plugin that uses the Shariff tool provided by Heise Online. By using Shariff, it is not possible for the providers of the respective social media channels to track your usage behaviour on our website. As soon as you use the Shariff social media buttons, you will be forwarded to the respective provider, where you then have to log in with your personal login data in order to share content on your channels.

If you use the links to these providers, you leave the website of ETH Learning and Teaching Journal and different data protection standards apply than for our website. Please note that the processing, in particular the storage, deletion and use of personal data is the responsibility of the respective service provider and we have no influence on this. Numerous providers are not based in Germany, so they are subject to other legal provisions that may not take German data protection law into account to the required extent.

Information on the scope of the processing of your personal data by providers of social networks and options for protecting your privacy can be found in the data protection guidelines of the respective providers:

    <Facebook: http://www.facebook.com/about/privacy>  
    <Twitter: https://twitter.com/privacy>
    <Instagram: https://help.instagram.com/519522125107875>
    <YouTube: http://www.youtube.com/t/privacy_guidelines>
    <Xing: http://www.xing.com/privacy>

Rights of Data Subjects

As a data subject, you have the following rights concerning the processing of your personal data in line with the GDPR:

• You have the right to request information as to whether or not personal data concerning you are being processed by us pursuant to Article 15 GDPR. In particular, you are entitled to information on: the purposes of the processing, the categories of personal data concerned, the categories of recipient to whom your personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint with a supervisory authority, any available information as to the data’s source if we did not collect it, any transfer of data to a third country or to an international organization, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved.
• You shall have the right to obtain from us without undue delay the rectification of inaccurate or incomplete personal data concerning you pursuant to Article 16 GDPR.
• You have the right to request from us the erasure of your personal data pursuant to Article 17 GDPR, provided that processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
• Pursuant to Article 18 GDPR, you have the right to the restriction of processing where the accuracy of the personal data is contested by you, the processing is unlawful, or we no longer need the personal data but you reject their erasure because they are required by you for the establishment, exercise, or defense of legal claims. You are also entitled to this right to restriction of processing pursuant to Article 18 GDPR if you have submitted an objection to processing pursuant to Article 21 GDPR.
• Pursuant to Article 20 GDPR you shall have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used, and machine-readable format and you have the right to transmit those data to another controller.
• You have the right to withdraw your consent at any time pursuant to Article 7.3 GDPR. Subsequently we shall no longer have the right to continue the data processing based on your consent, with future effect.
• You have the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. Generally, you should be able to contact the supervisory authority of your regular place of residence, your place of work, or our offices to do so.

Right to Object

Pursuant to Article 21 GDPR, you have the right, at any time, to object to the processing of your personal data based on Article 6.1.1.e or Article 6.1.1.f GDPR for reasons arising from your particular situation. ETH Learning and Teaching Journal and Freie Universität Berlin will cease to process the personal data, unless we are able to demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or where processing is necessary for the establishment, exercise, or defence of legal claims.

Data Security and Security Measures

We are committed to protecting your privacy and handling your personal data confidentially. To prevent the manipulation, loss, or misuse of your personal data we have stored, we implement comprehensive technical and organizational security precautions that are regularly reviewed and adapted to the latest state of technological progress. This includes using recognized encryption processes such as SSL and TLS.
However, due to the structure of the internet, it is possible that data protection regulations and the aforementioned security measures are not observed by other individuals or institutions who do not fall within the sphere of our responsibility. Data disclosed by unencrypted means, for example via email, is especially vulnerable to third-party access. We are unable to influence this by technical means. It is the responsibility of the user to protect the data they have made available against misuse by using encryption or other similar methods.

Data Protection Officer

If you want to exercise your rights with regard to the Processing of Personal Data, please first contact: Benno Volk or Pia Scherrer, journal editors: journal@let.ethz.ch

The Data Protection Officer of ETH Zurich is:

Tomislav Mitar, ETH Zürich, Rämistrasse 101, 8092 Zürich, Tel. +41 44 6322121; tomislav.mitar@sl.ethz.ch