Sign In Register |
EN TR
Pedapub
Journals
Education Mind Emerging Learning Technologies All Journals →
Information
Submission Guidelines Policies
Author Services
Proofreading Verify Certificate All Services →
Contact

Privacy Policy

Last Updated: June 2025

Introduction Data Controller Personal Data We Collect How We Collect Data Legal Basis for Processing Purposes of Data Processing Sharing with Third Parties International Data Transfers Data Retention Data Security Your Rights Children's Privacy Contact Changes to This Policy

Introduction

This Privacy Policy describes how Pedapub collects, uses, stores, and protects personal data when you use our website and services. It applies to all visitors, registered users, authors, reviewers, and editors who interact with the platform.

Pedapub operates as an academic journal management and publishing platform. Given the nature of our services, we process personal data in the context of user registration, manuscript submission, peer review management, and editorial communication. We are committed to processing your data lawfully, fairly, and transparently in accordance with the EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law No. 6698 (KVKK).

Data Controller

Pedapub ("https://pedapub.com") acts as the data controller for personal data processed through this platform. The data controller determines the purposes and means of processing your personal data. For all inquiries, requests, or complaints regarding data protection, you may contact us at support@pedapub.com.

Personal Data We Collect

The categories of personal data we collect depend on how you interact with our platform. Below is a detailed breakdown by context.

Account Registration

When you create an account, we collect your first name, middle name (optional), last name, email address, institutional affiliation, country, ORCID identifier, and a password. Your password is stored only in cryptographically hashed form and cannot be read or recovered by our staff.

Manuscript Submission and Peer Review

When a manuscript is submitted, we process the names, email addresses, affiliations, and ORCID identifiers of all listed authors. During the peer review process, reviewer identities and editorial correspondence are handled within the platform. Reviewer identities are kept confidential from authors under our double-blind review model unless the journal specifies otherwise.

Automatically Collected Data

When you visit our website, our servers automatically record certain technical information: your IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and session duration. This data is collected through server access logs and is used for security monitoring, abuse prevention, and aggregate statistical analysis. It is not combined with your account data for profiling purposes.

How We Collect Data

We collect personal data through the following methods:

  • Directly from you — when you register an account, submit a manuscript, fill out a contact form, or correspond with us by email.
  • Automatically — through server logs and cookies when you browse our website (see our Cookie Policy for details).
  • From third parties — in limited cases, we may receive data from co-authors who list you on a manuscript submission, or from editorial board members who recommend you as a reviewer.

Legal Basis for Processing

We process your personal data only where we have a lawful basis to do so. Under Article 6(1) of the GDPR, the applicable legal bases for our processing activities are:

  • Performance of a contract (Article 6(1)(b)) — processing that is necessary to provide you with the services you have requested, including account management, manuscript handling, and peer review coordination.
  • Legitimate interests (Article 6(1)(f)) — processing carried out for our legitimate business interests, such as platform security, abuse prevention, service improvement, and aggregate analytics, where these interests are not overridden by your rights.
  • Consent (Article 6(1)(a)) — where you have given explicit consent, for instance by accepting this Privacy Policy during registration. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Legal obligation (Article 6(1)(c)) — processing necessary to comply with a legal obligation to which we are subject, such as tax reporting requirements or responding to lawful data access requests from authorities.

Under Article 5(2) of the Turkish KVKK, the corresponding legal bases are: the express consent of the data subject; necessity for the performance of a contract; necessity for compliance with a legal obligation; necessity for the establishment, exercise, or defense of a right; and the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed.

Purposes of Data Processing

We process your personal data for the following specific purposes:

  • Creating, authenticating, and managing your user account on the platform.
  • Processing manuscript submissions, assigning editors and reviewers, and managing the editorial workflow through to publication or rejection.
  • Facilitating communication between authors, reviewers, and editors within the peer review process.
  • Providing author services you have purchased or requested, such as proofreading or similarity reports, and issuing related certificates.
  • Sending transactional emails related to your account, submissions, or orders (not marketing).
  • Maintaining platform security, detecting unauthorized access, and preventing fraud or abuse.
  • Generating aggregate, anonymized usage statistics to understand how the platform is used and to guide improvements. These statistics do not identify individual users.

Sharing with Third Parties

Pedapub does not sell, rent, or trade your personal data. We share personal data with third parties only to the extent necessary to operate the platform and provide our services, under the following categories:

  • Cloudflare, Inc. — our content delivery and security provider. Cloudflare processes IP addresses and request metadata for DDoS protection, bot management, and performance optimization. Cloudflare acts as a data processor under a Data Processing Addendum.
  • Email infrastructure providers — we use SMTP-based email services to deliver transactional messages (submission confirmations, review invitations, decision notifications). Only the recipient email address and message content are transmitted.
  • Journal editors and peer reviewers — during the editorial process, editors can see author names, affiliations, and submission details. Reviewers receive the manuscript and relevant metadata. Under double-blind review, author identities are not disclosed to reviewers.
  • Legal and regulatory authorities — we may disclose personal data if required by law, court order, or a binding request from a competent authority.

All third-party service providers that process personal data on our behalf are bound by contractual obligations to handle data in accordance with applicable data protection legislation and to implement appropriate technical and organizational security measures.

International Data Transfers

Our servers are located in data centers that may process data outside of Turkey or the European Economic Area (EEA). Where personal data is transferred to countries that have not been recognized as providing an adequate level of data protection, we rely on appropriate safeguards such as standard contractual clauses approved by the European Commission (Article 46(2)(c) GDPR) or the explicit consent of the data subject.

Under Article 9 of the KVKK, cross-border transfer of personal data is carried out in compliance with the conditions set by the Turkish Personal Data Protection Board and with the explicit consent of the data subject where required.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The specific retention periods are as follows:

  • Account data — retained for as long as your account remains active. If you request account deletion, your personal data will be erased within 30 days of the request, subject to the exceptions below.
  • Published article metadata — author names, affiliations, and ORCID identifiers associated with published articles are retained indefinitely as part of the scholarly record. This is necessary for citation integrity and cannot be reversed after publication.
  • Manuscript submission records — submission metadata and editorial correspondence are retained for 3 years after the editorial decision for the purposes of research integrity verification.
  • Server access logs — IP addresses and request logs are retained for up to 12 months for security and abuse prevention purposes, then deleted or anonymized.

Financial records related to author service orders are retained for the period required by applicable tax legislation (currently 10 years under Turkish Commercial Code).

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include: encryption of data in transit using TLS/HTTPS, cryptographic hashing of passwords using industry-standard algorithms, role-based access controls limiting staff access to personal data on a need-to-know basis, DDoS protection and web application firewall through Cloudflare, and regular security reviews of our infrastructure.

While we take reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your data, but we commit to promptly notifying affected users and relevant authorities in the event of a data breach as required by GDPR Article 33 and KVKK Article 12.

Your Rights

Under the GDPR (Articles 15 through 22) and the KVKK (Article 11), you have the following rights regarding your personal data:

  • Right of access — you may request confirmation of whether your personal data is being processed and, if so, obtain a copy of that data along with information about how it is being used.
  • Right to rectification — you may request correction of inaccurate personal data or completion of incomplete data. You can also update most of your information directly through your account profile.
  • Right to erasure ("right to be forgotten") — you may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent. This right does not apply to data that must be retained for legal obligations or for the public scholarly record.
  • Right to restriction of processing — you may request that we limit the processing of your data in certain circumstances, for example while a rectification request is being verified.
  • Right to data portability — you may request to receive the personal data you provided to us in a structured, commonly used, machine-readable format, and to transmit that data to another controller.
  • Right to object — you may object to the processing of your personal data where we rely on legitimate interests as the legal basis, including any profiling based on those interests.
  • Right to withdraw consent — where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please send your request to support@pedapub.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Turkey, the relevant authority is the Personal Data Protection Board (KVKK Kurulu). In the EU, you may contact the supervisory authority in the member state of your habitual residence.

Children's Privacy

Pedapub is an academic platform intended for use by researchers, academics, and professionals. Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that data promptly.

Contact

For any questions, concerns, or requests related to this Privacy Policy or the processing of your personal data, please contact us at: support@pedapub.com. We aim to respond to all inquiries within 30 days.

Changes to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this page. If we make material changes that significantly affect how we handle your personal data, we will notify registered users by email or through a prominent notice on the platform. Your continued use of the platform after such changes constitutes your acceptance of the updated policy.

Pedapub

Pedapub

  • Journals
  • Contact

Information

  • Submission Guidelines
  • Policies

Author Services

  • Proofreading
  • Verify Certificate

Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
Copyright © 2026 Pedapub
Peda

Cookie Notice

This website uses cookies to ensure you get the best experience. Learn more