Data Protection Impact Assessment Summary
Last updated: December 19, 2024
Overview
This summary outlines how NOBLEID processes personal data in compliance with GDPR and other applicable data protection regulations.
Data We Collect
Personal Data
- Author names and affiliations (for published works)
- ORCID identifiers (when provided)
- Email addresses (for account management)
- Institutional affiliations
Technical Data
- IP addresses (for security and rate limiting)
- Browser information (for compatibility)
- Access logs (for system monitoring)
Legal Basis for Processing
- Legitimate Interest: Academic publication and research dissemination
- Consent: Public profile display and ORCID integration
- Contract: Service provision to institutional users
Data Retention
- Published works: Retained indefinitely for academic record
- Personal profiles: Retained while account is active
- Access logs: 90 days for security purposes
- Email communications: 2 years for support purposes
Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure (subject to academic record requirements)
- Restrict processing
- Data portability
- Object to processing
Privacy by Design
- No third-party tracking or analytics
- Minimal data collection
- Encryption in transit and at rest
- Regular security audits
- Staff training on data protection
International Transfers
Data is processed within the EU/EEA. Any international transfers are protected by appropriate safeguards.
Contact
For data protection inquiries, contact our Data Protection Officer at dpo@nobleid.org.