glossaLAB:Privacy policy

Effective Date: 10 October 2025

Welcome to glossaLAB (www.glossalab.org), an open platform for conceptual elucidation and co-creation of interdisciplinary knowledge, supported as a collaborative scientific endeavor.

We are committed to protecting the privacy and personal data of our visitors and registered contributors. This Privacy Policy outlines how we collect, use, process, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR) and other relevant data protection laws.

The "Data Controller" (the entity responsible for your personal data) for the www.glossalab.org website is:

Asociación BITrum - Grupo de Investigación / Coordinating Institution of the GlossaLAB Consortium

C/ San Lorenzo 2, 24007 León, Spain

Contact Email: info@glossalab.org

For any questions regarding your data, this policy, or to exercise your rights, please use this contact information.

We collect different types of personal data for specific purposes. We only process your data when we have a valid legal basis to do so.

When you visit www.glossalab.org, our servers automatically collect information sent by your browser.

Data Collected:

• IP address, browser type and version, operating system, referring URL, pages visited, and date/time of access.

Purpose:

• To ensure the technical functionality, security, and stability of our website and to defend against attacks.

Legal Basis (GDPR Art. 6(1)(f)): Legitimate Interest. Our legitimate interest is to maintain the security and functionality of our scientific platform.

To make contributions into glossaLAB, you must create a user account.

Data Collected:

• Username: (This will be publicly associated with all your contributions).
• Email Address: (This is not public).
• Password: (Stored in a hashed, unrecoverable format).
• Optional Information: You may choose to provide your real name, institutional affiliation and other professional and academic information on your public user profile, though for transparency reasons the usage of real names and profiles is encouraged.

Purpose:

• To create and manage your account and allow you to log in.
• To attribute your contributions publicly (a core principle of academic and collaborative work).
• To contact you with essential service notifications (e.g., policy changes) or if you opt-in to notifications.
• Your anonymized personal, academic and professional data is used to facilitate information retrieval and knowledge system analysis.

Legal Basis (GDPR Art. 6(1)(b)): Performance of a Contract. By creating an account, you enter into a user agreement (Terms of Service) with us to participate in the project.

This is the most important data processing activity for our project.

Data Collected:

• All content you add, modify, or delete on the wiki (text, references, edit summaries), along with your public username and the timestamp of the edit. This is stored in the site's public "history" log.

Purpose:

• The core scientific goal of the project: to build and maintain a public, collaborative, and interdisciplinary knowledge base; as well as to analyse the integration of knowledge systems in interdisciplinary settings. The public attribution (via your username and real name) is essential for the project's academic integrity and transparency.

Legal Basis (GDPR Art. 6(1)(e)): Task in the Public Interest. The Glossalab project is a scientific research initiative conducted in the public interest.

We use cookies to improve your experience. A cookie is a small text file stored on your device.

Essential Cookies:

• These are necessary for the website to function (e.g., to keep you logged in).

Legal Basis (GDPR Art. 6(1)(f)): Legitimate Interest to provide a functional website.

All contributions are public: any content you post, edit, or upload to the glossaLAB wiki (under your username) is immediately and permanently public.

Attribution is public: your username is permanently and publicly attached to your contributions and edits in the page history.

No expectation of privacy in contributions: do not post any information you do not want to be public. This includes personal data about yourself or others (especially "Special Category Data" like political opinions, religious beliefs, or health information) unless you have the explicit right and consent to do so.

We do not sell your personal data. We only share it in the following limited circumstances:

• Project Administrators. Authorized members of the glossaLAB technical team and project leadership may access non-public data (like your email address or IP logs) for security, maintenance, and administrative purposes.
• Hosting Provider. The project's physical servers are located at and maintained by the University of the Aegean (Greece), a project partner. They are bound by EU data protection laws and institutional policies to protect this data.
• Embedded Content. Our site may embed content from third parties (e.g., YouTube videos). Interacting with this content may result in that third party (e.g., Google) collecting your data (like your IP address) as if you were visiting their site directly. Their own privacy policies apply.
• Scientific Dissemination. We may publish aggregated or anonymized data (e.g., "we had 500 contributions from 50 users in the last year") for research papers, reports, and presentations. Your personal data (like your email) will not be included.
• Legal Obligation. We may disclose your data if required by law, subpoena, or a binding order from a competent EU authority.

The glossaLAB project is primarily based in the European Union.

Our main servers are physically located at the University of the Aegean in Greece, which is within the European Economic Area (EEA). This ensures your data is protected by default under the GDPR.

• Server Logs. Technical logs (containing IP addresses) are typically retained for a short period (e.g., 14-90 days) for security analysis, then deleted.
• User Account Data. We retain your account information (username, real name and email) for as long as your account is active. If you delete your account, this information is removed.
• Contribution Data. Your public contributions (and the associated public username) are retained indefinitely. This is a necessary part of the project's scientific and historical record, protected under the GDPR (Art. 89) derogation for scientific research purposes.

As a data subject in the EU, you have the following rights:

• Right to Access (Art. 15): You can request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): You can update your account information (like your email) at any time. You can also correct any public contributions you have made by editing the page.
• Right to Erasure ("Right to be Forgotten") (Art. 17): You can request the deletion of your personal data. Limitation: This right is not absolute for your public contributions. We cannot delete your scientific contributions from the public history as this would damage the integrity of the project (per Art. 17(3)(d)). However, we can accommodate requests for anonymization, where we disassociate your contributions from your username (e.g., by renaming your account to a generic ID).
• Right to Restriction of Processing (Art. 18): You can request that we limit the processing of your data under certain conditions.
• Right to Data Portability (Art. 20): You can request a copy of your data in a machine-readable format.
• Right to Object (Art. 21): You can object to our processing of your data based on legitimate interest.
• Right to Withdraw Consent (Art. 7): Where we rely on your consent (e.g., for non-essential cookies), you can withdraw it at any time.

To exercise any of these rights, please contact us at info@glossalab.org.

If you believe we are processing your data unlawfully, you have the right to lodge a complaint with our lead supervisory authority or your local Data Protection Authority (DPA).

Our Lead Supervisory Authority is Spain's AEPD.

We implement appropriate technical and organizational measures to protect your personal data, including:

• Secure Sockets Layer (SSL) encryption for all web traffic.
• Password hashing.
• Strict access controls for project administrators.
• Regular security reviews and updates.

We may update this policy to reflect changes in our practices or for legal reasons. We will post any changes on this page and, if the changes are significant, we will notify registered users by email.