This page is a personal data protection notice template prepared for the AntAbstract congress management system. Before going live, the real data controller name, address, contact details, KEP address, retention periods and service provider details should be completed and reviewed according to the actual operation.
1. Data Controller
Within the scope of applicable personal data protection rules, personal data processed through the AntAbstract platform may be processed by the data controller specified below.
| Data Controller | AntAbstract / [Company or Institution Name to be added] |
|---|---|
| Address | [Full address to be added] |
| destek@antabstract.com | |
| KEP Address | [KEP address, if available, to be added] |
| Contact Page | /contact |
2. Purposes of Processing Personal Data
Personal data may be processed for the purposes of providing, operating and improving the AntAbstract congress management platform.
- Creating user accounts and managing authentication processes.
- Managing congress registration, application and participation processes.
- Managing abstract, submission, file upload and revision workflows.
- Managing author, co-author, reviewer, admin and organizer roles.
- Managing reviewer assignments, scientific evaluation, decisions and feedback processes.
- Generating acceptance letters, badges, participation documents and certificates.
- Managing payment, billing and financial record processes.
- Sending system notifications, transaction updates and service-related emails.
- Providing technical support, security, troubleshooting and system performance improvements.
- Complying with legal obligations before authorized institutions and authorities.
- Keeping records for possible disputes, applications or legal claims.
3. Categories of Personal Data Processed
Depending on the user role and the transaction performed on the platform, the following personal data categories may be processed.
| Identity Data | First name, last name, academic title, username and role information. |
|---|---|
| Contact Data | Email address, phone number and address information. |
| Academic and Professional Data | Institution, university, faculty, department, academic title, field of expertise and ORCID information. |
| Account and Transaction Security Data | Password hash, IP address, session information, login records and transaction logs. |
| Congress Registration Data | Selected congress, registration type, participation type, registration date and payment status. |
| Submission and Application Data | Submission title, abstract text, keywords, topic, presentation type, author information and uploaded files. |
| Review Data | Reviewer assignment information, reviewer comments, scores, recommendations and evaluation records. |
| Financial and Billing Data | Billing name, billing address, tax office, tax number, payment amount, currency and transaction reference. |
| Document and Certificate Data | Acceptance letters, participation documents, certificates, badges and verification information. |
| Technical Data | Browser, device, error logs, cookies, language preference and usage records. |
4. Legal Grounds for Processing Personal Data
Personal data may be processed based on legal grounds applicable to the relevant processing activity.
| Establishment or performance of a contract | User account creation, congress registration, submission workflows and provision of platform services. |
|---|---|
| Compliance with legal obligations | Billing, payment, accounting, tax, official authority requests and statutory record obligations. |
| Establishment, exercise or protection of a right | Dispute management, application records, review records and legal processes. |
| Legitimate interests | System security, fraud prevention, troubleshooting, technical support and user experience improvement. |
| Explicit consent | Marketing communications, non-essential cookies or situations requiring separate consent. |
5. Methods of Collecting Personal Data
Personal data may be collected electronically, automatically or partially automatically through the platform.
- Registration and login forms.
- User profile update screens.
- Congress registration and application forms.
- Abstract, submission and file upload screens.
- Reviewer evaluation screens.
- Payment and billing screens.
- Contact forms and support requests.
- Cookies, session records, security logs and system logs.
- Email notifications and in-platform notifications.
6. Persons and Organizations to Whom Personal Data May Be Transferred
Personal data may be transferred, limited to the relevant purpose, to the following recipient groups:
- Congress organizers and authorized organization teams.
- Scientific committees, organizing committees, editors and reviewers.
- Payment and billing service providers.
- Email, SMS, notification and communication service providers.
- Hosting, software, technical support and security service providers.
- Authorized public institutions and official authorities where legally required.
- Lawyers, financial advisors, auditors and consultants where necessary for legal processes.
Personal data is not sold to third parties for purposes unrelated to the platform services.
7. Retention Period of Personal Data
Personal data is retained for the period necessary for the purpose of processing and for the periods required by applicable law.
| Account data | May be retained while the account remains active and afterwards for applicable legal periods. |
|---|---|
| Congress registration data | May be retained for congress operations, document verification and legal obligations. |
| Submission and review data | May be retained for academic records, scientific evaluation, abstract books and document processes. |
| Payment and billing data | May be retained for accounting, tax and financial obligations for statutory periods. |
| Technical records | May be retained for reasonable periods for security, troubleshooting and system continuity. |
When the retention period expires, personal data may be deleted, destroyed or anonymized in accordance with applicable rules.
8. Your Rights Regarding Personal Data
Depending on applicable legislation, you may contact the data controller and exercise certain rights regarding your personal data.
- Learning whether your personal data is processed.
- Requesting information if your personal data has been processed.
- Learning the purpose of processing and whether the data is used in line with that purpose.
- Knowing the third parties to whom personal data is transferred domestically or abroad.
- Requesting correction if personal data is incomplete or inaccurate.
- Requesting deletion or destruction where applicable conditions are met.
- Requesting notification of correction, deletion or destruction to third parties to whom data has been transferred.
- Objecting to results against you arising from analysis exclusively by automated systems.
- Requesting compensation if you suffer damage due to unlawful processing.
9. How to Exercise Your Rights
You may submit your requests regarding your personal data to the data controller in writing or through other methods permitted by applicable legislation.
| destek@antabstract.com | |
| KEP | [KEP address, if available, to be added] |
| Postal Address | [Full address to be added] |
| Contact Form | /contact |
Your application may need to include your name, surname, contact information, request subject and information that helps verify your identity.
10. Updates to This Notice
This Personal Data Protection Notice may be updated due to changes in legislation, platform features, data processing activities or service processes.
The current notice becomes effective once published on the AntAbstract website.