Privacy Statement

PRIVACY POLICY

Data Controller
Controller: Universidad Internacional de La Rioja
Tax ID: A-26430439
Address: C/ de García Martín, 21, Pozuelo de Alarcón, 28224, Madrid
Privacy contact email: ppd@unir.net
Phone: (+34) 915 674 391 (Ext. 3216)
Data Protection Officer: Miguel Crespo Toledo — miguel.crespo@unir.net

Information about UNIR
UNIR is a Spanish private university (as recognised by Law 3/2008 of 13 October by the Parliament of La Rioja and Decree 69/2009 of 31 July — BOR No. 96 of 5 August 2009) offering distance and in-person online education, headquartered in Logroño and with a presence in Mexico, Colombia, Ecuador and Peru.

Scope
This policy applies to the processing of personal data carried out through the MISOSTENIDO online journal hosted at https://revistas.unir.net/index.php/misostenido and to editorial interactions (authors, reviewers, editors and readers).

Purposes and Legal Bases
We process your data for:
3.1 Editorial management of manuscripts
Purpose: creation and management of author, reviewer and editor accounts; receipt, peer review and handling of manuscripts; related communications; publication and archiving.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
3.2 Editorial communications and account services
Purpose: issue alerts of published issues, account maintenance and support, non-commercial communications related to the journal.
Legal basis: legitimate interests (Art. 6(1)(f) GDPR). You may object at any time.
3.3 Analytics and platform improvement
Purpose: obtain usage/reading statistics and improve the experience (only through non-essential cookies/technologies).
Legal basis: consent (Art. 6(1)(a) GDPR), collected via the cookie banner/preferences panel.
3.4 Compliance with legal obligations (if applicable)
Purpose: invoicing, accounting/tax obligations or institutional archiving.
Legal basis: legal obligation (Art. 6(1)(c) GDPR).
Applicable rule: [specify the rule, if applicable].
Note: We do not use (nor rely on) “public interest” (Art. 6(1)(e)) unless there is a specific legal basis applicable to the entity.

Data Subjects and Categories of Data
Authors and co-authors: identification and contact details (name, surname, email), affiliation, ORCID, manuscript metadata, editorial correspondence.
Reviewers: identification and contact details, areas of expertise, review history.
Editors and technical staff: data necessary for system administration.
Registered readers: identification and contact details, preferences.
Browsing: IP, device identifiers and cookies (according to your settings in the panel).
Sources: data are provided by the data subject when registering or interacting with the platform; where applicable, via voluntary integrations (e.g., ORCID).

Retention
User accounts: while active; [X months/years] from last activity before deletion/anonymisation.
Editorial files (manuscripts, reviews and communications): [X years] after acceptance/rejection, to ensure the integrity of the scholarly record.
Administrative/accounting documentation (if any): for the statutory periods applicable.
Cookies/analytics: according to the durations indicated in the Cookies Table.
Recipients, Processors and International Transfers
Processors (service providers):
— Hosting and platform maintenance: [Provider], [country].
— Editorial platform (e.g., OJS/PKP): [Provider/version], [country].
— Transactional email: [Provider], [country].
— Analytics: [Self-hosted Matomo / Google Analytics / other] — [country].
Disclosures: we do not disclose data to third parties except where required by law or with explicit consent.
International transfers: if any provider is outside the EEA, we apply Standard Contractual Clauses or other safeguards (Art. 46 GDPR). Details: [describe safeguards/providers outside the EEA].

Data Subject Rights
You may exercise access, rectification, erasure, objection, restriction, portability, the right not to be subject to automated decisions, and withdraw your consent where consent is the legal basis.
Channel: [privacy@domain.tld] — Subject: “Exercise of GDPR rights” — Attach information to verify your identity.
Response time: 1 month (extendable by one additional month in complex cases).
If you are not satisfied, you may lodge a complaint with the AEPD: https://www.aepd.es

Minors
The site is not directed at persons under 14 years of age. If we detect registrations of minors without valid consent, we will delete them.

Security and Breaches
We implement appropriate technical and organizational measures (access controls, encryption in transit, backups and activity logging). We will notify personal data breaches in accordance with Arts. 33–34 GDPR where appropriate.

Policy Updates
We will publish changes on this page and indicate the date and version. In the event of material changes, we will notify you by reasonable means (banner/email to registered users).

General contact: revistamisostenido@unir.net
DPO contact (if applicable): ppd@unir.net

COOKIES POLICY

What are cookies?
Small files that the site installs on your device to remember preferences, enable functions and obtain usage statistics.

Your choice (consent)
Upon access we will display a banner with options Accept all / Reject all /
Configure.
Non-essential cookies (preferences, analytics, marketing) are installed only if you accept them.
You can change or withdraw your consent at any time from the Cookies Settings Panel: [visible and permanent link in the footer: /cookies/configure].

Types of cookies we use
Technical or necessary (always active): enable browsing, login and security. Legal basis: legitimate interests (no consent required).
Preferences (optional): remember your choices (language, interface). Legal basis: consent.

Analytics (optional): usage statistics and service improvement. Legal basis: consent.
Third-party: only if you enable them in the panel; they may involve international transfers (see details in the table).

Cookies Table
Fill in with your actual cookies. Example:
• Name: OJSSID — Provider: First-party ([domain]) — Purpose: Keep session active — Duration: Session — Type: Technical — Third-party/International: No
• Name: cookieConsent — Provider: First-party ([domain]) — Purpose: Remember cookie preferences — Duration: 6 months — Type: Preferences — Third-party/International: No
• Name: _pk_id.* — Provider: Matomo ([subdomain/self-hosted]) — Purpose: Anonymous usage metrics — Duration: 13 months — Type: Analytics — Third-party/International: No
• Name: _pk_ses.* — Provider: Matomo ([subdomain/self-hosted]) — Purpose: Analytics session — Duration: 30 min — Type: Analytics — Third-party/International: No
• Name: _ga — Provider: Google Analytics — Purpose: Metrics (if consented) — Duration: 2 years — Type: Analytics — Third-party/International: Yes (SCCs)
• Name: _gid — Provider: Google Analytics — Purpose: Metrics (if consented) — Duration: 24 h — Type: Analytics — Third-party/International: Yes (SCCs)
If you use Google Analytics, indicate: IP anonymisation, retention controls, and the existence of Standard Contractual Clauses. Consider self-hosted Matomo to avoid transfers.

Preferences Panel
You can change your choice at any time via the Cookies Settings Panel: [panel URL] (permanent link in the footer).
Enableable categories: Preferences, Analytics, Marketing [remove or add as appropriate].

CMP provider (if applicable): [Name of the consent management tool].
How to manage cookies in your browser
You can allow, block or delete cookies in your browser. See official help:
Chrome: [https://support.google.com/chrome/answer/95647]
Firefox: [https://support.mozilla.org/es/kb/borrar-cookies]
Safari: [https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471]
Edge: [https://support.microsoft.com/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09]
Note: disabling technical cookies may affect the operation of the site.

Contact for cookies and privacy
Email: revistamisostenido@unir.net
DPO: ppd@unir.net