Privacy Policy and Data Processing Framework
1. Controller and Contact
Data Controller: Universita Popolare Nikola Tesla
Jurisdiction: European Union (Italy)
Privacy contact: info@unitesla.eu
General contact: info@unitesla.eu
2. Processing Matrix
| Processing area | Data categories | Purpose | Legal basis | Retention |
|---|---|---|---|---|
| Account and editorial operations | Identity and contact data of submitters, editors, institutional contacts; operational messages | Manage submissions, moderation workflow, communication, and support | GDPR Art. 6(1)(b) (contractual steps and service delivery) | For service lifecycle plus legal limitation periods |
| Repository records and DOI-linked metadata | Bibliographic metadata, author names, affiliations, ORCID (if provided), DOI, version history, licensing statements | Preserve citation integrity, archive scientific outputs, provide traceable scholarly record | GDPR Art. 6(1)(e)/(f) with research and archiving safeguards under Art. 89, where applicable | Long-term archival retention; records may be corrected, restricted, or tombstoned |
| Navigation analytics (optional) | Pseudonymous analytics identifiers and usage events via Google Analytics | Measure aggregated traffic and improve service quality | GDPR Art. 6(1)(a) consent | According to configured analytics retention settings and consent status |
| Security and abuse prevention | Technical logs, firewall and anti-abuse telemetry, request metadata | Prevent attacks, fraud, and operational abuse | GDPR Art. 6(1)(f) legitimate interest and Art. 6(1)(c) legal obligations where applicable | Limited retention period, proportionate to security needs |
3. Distinction Between Account Data and Repository Content
Account and communication data are managed as service-operation data. Repository metadata and DOI-linked records are managed as part of a persistent scholarly archive.
Deleting an account does not automatically imply irreversible deletion of already published research records when retention is required for archiving, transparency, legal defense, or scientific integrity.
4. Data Subject Rights
You may request access, rectification, restriction, objection, portability (where applicable), and erasure by contacting info@unitesla.eu.
Erasure requests are evaluated against legal duties and archiving/scientific-research derogations, including GDPR Art. 17(3) and Art. 89 safeguards where applicable.
5. International Data Transfers
When infrastructure providers or subprocessors process data outside the EEA/UK, transfers are governed through recognized transfer tools (for example, Standard Contractual Clauses) and supplementary safeguards where required.
A subprocessor and transfer summary can be requested at info@unitesla.eu.
6. Third-Party Sharing
We do not sell personal data. Data is shared only when necessary for hosting, security, legal compliance, or requested institutional services under contract.
7. Analytics Consent Model
Google Analytics is blocked by default and loaded only after explicit analytics consent through our cookie banner/settings. You can change or withdraw consent at any time in Cookie Policy settings.
8. Data Processing Agreement (DPA)
Universities and research institutions can request a DPA template by email at info@unitesla.eu.
Last Updated: February 7, 2026