Privacy policy

This information is provided, in accordance with art. 13 and 14 of EU Regulation 679/2016 (hereinafter "Regulation" or “GDPR”), to the researchers and/or authors of publications in scientific journals (hereinafter "User", "Users" or “Researchers”) of the website in desktop and mobile versions https://peerrank.org/ (hereinafter, "Site") aims to describe the management modalities of the Site with regard to the processing of personal data, as well as to allow the Users of the Site to know the purposes and modalities of the processing of personal data by the Data co-controllers.

The Site offers a survey dedicated to researchers and/or authors of publications in scientific journals who want to participate in PeerRank Project. In particular, Users – after registration and providing their informed consent and acceptance of this policy – can fill in a survey on the Site to evaluate scientific journals and contribute to creating a unique journal ranking (s.c. PeerRank) based on the real evaluation of authors of publications in scientific journals.

Users who access the Site, after registration, assume responsibility for any communication of third party data and guarantee that they have full rights to communicate them. The Joint Controllers shall not be held liable by third parties for the unlawful use of their data.

This information is provided exclusively for the website https://peerrank.org/.

1. Joint Controllers

On the basis of the Joint Controller Agreement for personal data pursuant to art. 26 of EU Regulation 2016/679 concluded on December 2025, the Joint controllers of the personal data of the Researchers are:

• Catholic University of the Sacred Heart, with registered office in Milan, at Largo Agostino Gemelli 1, C.F. and P.IVA 02133120150; 

• University of Pisa, with registered office in Pisa, Lungarno Pacinotti 43, C.F. 80003670504 and P.IVA 00286820501. 

 

The Data Protection Officers (DPOs) appointed by the Joint Controllers can be reached, respectively, at:

• for the Catholic University of the Sacred Heart: dpo@unicatt.it;   

• for the University of  Pisa: responsabileprotezionedati@pec.unipi.it.  

2. Principles applicable to the processing of personal data

The Joint Controllers inform the data subjects that the processing is based on the principles of correctness, lawfulness, transparency and protection of confidentiality and fundamental rights.

3. Object of processing

In the preliminary phase of the Project, the Joint Controllers may process the personal data of the Researchers specified below:

 

Public contact details of the researchers:

• Public contact details. The Joint Controllers collect and use the email addresses of scientific researchers available in public online databases (e.g. university department websites, etc.) to inform them about the Project and, if interested, to invite them to participate. 

 

In the second phase of the Project, the Joint Controllers may process the personal data of the Researchers specified below:

 

Personal data collected automatically during visits to the Site:

• Navigation data. The Joint Controllers automatically collect data about the device (PC, tablet, mobile phone or other mobile device) and connection used by the User, including, for example, the IP address, the date and time of access, information about hardware and software, information about events relating to the device and information about any crashes. 

• Site usage data. The Joint Controllers collect information about how the User has used the Site. 

 

Data provided by the User:

• Data provided personally to login in the Site. In order to access the site, the User uses and provides his/her email address and password or his/her ORCID credentials (identification method for Researchers). In this way, Researchers will be able to participate in the Project, evaluate the journals and contribute to the creation of PeerRank. 

• Data provided personally by completing the survey. By filling in the survey on the Site, after classifying the journals in two steps, the Researchers provide the following personal data: age, gender, professional position, field of research, country of origin. 

• Data provided by requests for information by e-mail. If the User expressly  and voluntarily requests information by e-mail from the contacts indicated on the Site, the Joint Controllers will acquire the User's e-mail address, first name and surname and any personal data included in the communication. 

 

Personal information collected through cookies:

 

Data provided through the use of cookies. The Joint controllers use only analytic cookies as well as other technical cookies to keep track of the current User’s sessions on the Site. For more information on the use of cookies, the user can consult the cookie policy at the following link (*).

4. Purpose and legal basis of the processing

In the preliminary phase, the Joint Controllers process Researchers' personal data (name, surname, email address) in order to inform them about the Project and to ensure that, if interested, they participate by filling in the survey on the Site.

The processing carried out for these purposes has its legal basis in the legitimate interest of the Joint Controllers  in accordance with article 6, letter f), GDPR.

 

In the second phase, the Joint Controllers process the User's personal data for the following purposes:

• to provide the survey on the Site for research purposes; 

• to collect and analyse anonymised and aggregated derived from Researchers' ratings in the survey to create PeerRank;  

• collect statistical information, in aggregate form, about the number of Users who access the site and evaluate the journals. 

The processing carried out for these purposes, pursuant to art. 6, letter a), GDPR, finds its legal basis in the specific consent given by the interested party.

 

The Joint Controllers also process the User's personal data for the following purposes:

• to send notices about any inefficiencies related to the survey offered in the Site; 

• to identify and solve problems that the User encounters when using the Site (e.g. blocked or non-functioning pages) and provide the User with a better experience. 

 

The processing carried out for these purposes has its legal basis in the legitimate interest of the Joint Controllers  in accordance with article 6, letter f), GDPR.

5. Processing methods and storage of personal data

The Joint Controllers ensure that personal data is processed in full compliance with the GDPR and the privacy legislation in force in Italy, using manual, computerised or telematic systems. The processing is carried out using automated tools designed to store, manage and transmit the data.

The data collected will be protected by physical and logical methods in such a way as to minimise the risks of unauthorised access, dissemination, loss and destruction, in accordance with articles 25 and 32 of the GDPR.

The data on the Researchers' ratings and any identifying data will be stored in separate databases. The data relating to the Researchers' ratings, which will be analyzed and published, will be pseudonymized and aggregated so that it will not be possible to trace either the responses or their participation.

In any case, anonymized data will be processed only for the entire duration of the research. The Users' personal data will be retained for a maximum period of ten years from the last use of the Site. They may be kept for longer periods if this is necessary to comply with legal obligations incumbent on the Joint Controllers or to protect a right in legal proceedings.

6. Receivers of personal data

The personal data collected may be processed by persons or categories of persons who act as data processors pursuant to Art. 28 GDPR or as authorised to process data pursuant to Art. 29 GDPR.

 

Except for the aforementioned cases, personal data will not be communicated except to subjects, bodies and authorities to which communication is obligatory by law or regulation.

7. Transfer of data to third countries or international organisations

The personal data collected through the survey on the Site will be processed within the national territory. It may be transferred within the European Economic Area exclusively for purposes related to the execution of the Project and in compliance with the specific provisions set out in the GDPR.
Any transfer of data, even outside the European Union, will be carried out in full compliance with the GDPR and, where necessary, with the so-called standard contractual clauses.

8. Rights of the Data Subject

The User has the right to request at any time:

1. confirmation of the existence or non-existence of personal data concerning him/her, even if not yet registered, in a concise, transparent, intelligible and easily accessible form, using simple and clear language; 

2. the indication: 

   • the origin of the personal data; 

   • of the purposes and methods of processing; 

   • of the legitimate interests pursued by the Data Controller or third parties; 

   • of the receivers or categories of receivers of the personal data; 

   • if there is any intention of the Data co-controllers to transfer personal data to a third country or an international organisation; 

   • the retention period of the personal data; 

   • the logic applied, as well as the importance and expected consequences of such processing for the data subject, in the event of processing carried out with the aid of electronic instruments as part of an automated collection and/or profiling process; 

   • the identification details of the Joint Controllers, the Data Processors, the Designated Representative (if any) and the Data Protection Officer (DPO); 

   • of the subjects and categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, as managers or appointees. 

3. the possibility of lodging a complaint with a supervisory authority; 

4. the updating, rectification or, where interested, the integration of the data 

5. the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed 

6. the restriction of processing; 

7. the transfer of personal data concerning him/her to another controller; 

8. Withdrawal of consent to processing; 

9. oppose, in whole or in part, for legitimate reasons, the processing of personal data concerning him or her, even if pertinent to the purposes for which they were collected. 

 

To exercise these rights, the interested party may at any time contact the Joint Controllers by means of a written request - without formalities, but mentioning the “PeerRank project” - to the following addresses:  

• dpo@unicatt.it (copying giovanni.ursino@unicatt.it)  

• responsabileprotezionedati@pec.unipi.it (copying pietro.battiston@unipi.it).  

 

The Joint Controllers will deal with the user's requests within one month of receipt, at the latest. Depending on the complexity and number of the requests, the aforementioned period may be extended by two months. In this case, within one month of receipt of the request, the Joint Controllers shall inform the User of the extension of the deadline and of the reasons for it.

Where the response is not considered to be satisfactory, the User may submit a complaint to the Personal Data Protection Authority (www.garanteprivacy.it).

9. Changes

This policy may be subject to change. If substantial changes are made to the use of Researchers data, the Joint Controllers will inform the Users by publishing them in a clearly visible manner on the Site.

 

 

 

Last updated: December 1, 2025