Privacy Statement

Privacy policy Eductional Design Reserach Journal (EDeR) published via the open access publication software Open Journal Systems (OJS)

Data privacy policy for the Open Access “Educational Design Research Journal” published with the journal hosting service of the Hamburg State and University Library (SUB) carried out on behalf of Universität Hamburg. The Universität Hamburg publishes articles using the technical platform of Open Source Software, Open Journal Systems (OJS). In the following you will find information about personal data processed in the context of the publication Educational Design Research Journal.

Contact details of the controller

The controller processing my data is

President of Universität Hamburg
Mittelweg 177
20148 Hamburg

Department responsible

Universität Paderborn
Department Wirtschaftspädagogik
Prof. Dr. Tobias Jenert
Warburger-Str. 100

33098 Paderborn

Contact details of the data protection officer

Data protection officer of Universität Hamburg
Mittelweg 177
20148 Hamburg


Purposes and legal basis

Visiting the website without registration

Every time you visit our website for information purposes, i.E. if you do not register or otherwise share information with us, we only collect the following information (log files):

  • IP address from which our website is accessed
  • information about the type of browser and the version used
  • date and time of access
  • technical data on the transmission (protocols, status code, data volumes)
  • internet service provider of the user
  • operating system of the user
  • websites from which the user's system accesses the Educational Design Reserach Journal website
  • websites that are accessed by the user's system via our website

We collect the data for technical purposes in order to display our website and ensure stability and security. The legal basis for the data processing is Article 6 para 1 (f) General Data Protection Regulation (GDPR), as for the mentioned purposes our legitimate interest prevails at this point. The log files are stored for 28 days, afterwards the data is anonymized and stored for one year for evaluation of error logs, which log erroneous page views, and internal statistics applications.

Registration and Publication

The collection of the authors' personal data is based on Art. 6 (1) b GDPR, as this is necessary for the conclusion and performance of the underlying author contract.

The registration of authors is essential for the publication contract with the journal, as it provides the editors with the required contact data and allows authors to upload their articles. Users assign themselves a user name and password during registration. These data are used to log in to the password-protected user area. This is to ensure that the individual user can be identified and that no one else can access the user’s account.

The data provided during registration are used exclusively as follows: Conclusion and performance of the publication contract; contacting; permission of rights for access to the password-protected user area of the journal, allocation of the author to her/his article, journal-internal documentation.

The following kinds of personal data and information will be processed:

  • address data:
  • contact and office address: affiliation/city + country
  • communication data: e-mail address (business)
  • identification data: name prefix, first name, last name, name suffix
  • authentification data: user ID, password, ORCID iD (voluntary) ,
  • verification during registration: IP address, successful/unsuccessful logins and logouts with date, information regarding the processing/configuration of the tools on the part of the customer (anonymized), password, user name,
  • upload: editing persons, editing status, name of the article, date of publication
  • article and metadata (information in the article files (PDF): name, institute affiliation and e-mail address of authors, title, date of submission, acceptance and publication of article, ORCID iD.

Authors can upload their articles via their user account in OJS and track the processing status of the article in the system.

The following kinds of personal data and information will be processed: The articles, name prefix, first name, last name, name suffix, city, country, affiliation, the e-mail address, the date of submission, acceptance and publication, ORCID ID will be published online.

The legal basis for the data processing in the context of registration and publication (digital and online) is Article 6 para 1 (b) GDPR, the processing of personal data is necessary for the performance of pre-contractual measures and for the performance of the contract with the author. The purpose of the contract is the proper execution of the publication.

The ORCID ID (Open Researcher and Contribution ID) is a globally unique identifier that allows unique assignment to the publication. ORCID is an international, interdisciplinary, and publisher-independent non-profit organization based in Delaware, USA. During the registration process, authors have the opportunity to link their name to their ORCID ID if available. For this, authors can use a link during the registration process or will be asked via E-Mail.  The link will only be established after the authors have logged in with their ORCID credentials in a pop-up window. It therefore requires the author's own active and voluntary action.

The author's name is linked to his / her ORCID ID for the purpose of being able to use the advantages of ORCID, such as visibility and findability. The linking takes place exclusively with the author’s consent and on the legal basis of article 6.1 (a) GDPR. The link remains in place until consent is revoked.

If authors do not have an ORCID ID, they have the option of using a link on our website that directly leads to the registration page of ORCID: The responsibility for the data entered there and data processing lies solely with ORCID and is beyond our control. Therefore, we refer to ORCID's own privacy policy:

The personal data for the registration will be deleted when the user requests the deletion of his /her user account. This is done by sending an email from the user’s registered email address with the user name of the account to be deleted to:

When the account is deleted, the published article files, metadata and links to ORCID iD are not deleted automatically. The processing and storage of the metadata and the data in the articles is carried out as long as it is necessary for the fulfillment of the contract. The Link to ORCID ID will be deleted, when the consent is revoked.


You can subscribe to a newsletter in order to receive communications from the Universität Hamburg regarding to the journal. The data provided during registration (email address, name, first name) are used exclusively as follows: Newsletter delivery to the specified email address. For the newsletter registration the so-called double-opt-in procedure is used to verify your registration. Therefore you registration is not complete until you have confirmed by clicking on the link contained in a confirmation mail. If you do not confirm, the registration will be automatically deleted. The legal basis is Article 6 para. 1 (a) GDPR. The user’s consent can be freely revoked at any time for the future. Personal data will be stored until withdrawal of consent.

Statistic purposes

The Universität Hamburg processes personal data of the authors for the adjustment of the acquisition process. The following categories of personal data will be processed: Gender, approximate age, origin. The legal basis for the data processing is Article 6 para. 1 (a) GDPR. The declaration of consent is voluntary and can be revoked at any time for the future. Personal data will be stored until withdrawal of consent.

Recipients/categories of recipients

The personal data will be transmitted to the following recipients: managing editor of the Educational Design Research Journal, SUB, Rechenzentrum Universität Hamburg.

The journal is hosted by the SUB. Thus, the SUB has access to the user’s registration and article submission data. The SUB processes this data exclusively for the purposes and on behalf of the Universität Hamburg and only to the extent necessary to fulfill the technical service of hosting the journal. The Universität Hamburg and the SUB has concluded a data processing agreement according to Art. 28 GDPR. The SUB provides further information on data protection of websites operated by the SUB in its data policy:

Metadata is transmitted to the registration agency Crossref (Crossref, PO BOX 719, Lynnfield, MA 01940, United States of America) for a unique assignment of permanent publication identifiers (DOI). Crossref is registered in the USA. Due to the absence of an adequacy decision and appropriate safeguards, a transfer of personal data to the USA may have disproportionates interferences by U.S. authorities and a lack of legal protection for affected EU citizens as a consequence.

The articles, name prefix, first name, last name, name suffix, city, country, affiliation, the e-mail address and the ORCID-ID will be published online. This information is accessible worldwide and a general suppression of it cannot be guaranteed, since other websites and third parties can copy the websites of the Educational Design Research Journal, article and personal data and provide older screenshots.

Metrics and statistics

We display article metrics on our website to visualize the individual articles’ usage and impact. For article usage statistics we collect anonymized access data. To visualize the impact of articles we link to external websites or display externally counted numbers of citations including the links of citing articles.

Journal metrics (OJS)

The website uses a statistics tool provided by the Open Source Software Open Journal Systems (OJS, This tool counts article views and downloads to visualize their usage.  The results are displayed on each article page. Personal data is not processed.

Links to other platforms

The website may contain information about other websites (links in individual articles). This privacy policy does not apply to data processing by the operators of the external website, over which we have no influence. If you wish to inform yourself about this data processing, we recommend that you read the data protection information on the external websites you visit.

Matomo (web analysis)

We use Matomo, a tracking service provided by the Rechenzentrum (Computer Center) of the University of Hamburg, to collect key figures about the use of the journal and the content provided.

We have configured the Matomo software for use on the pages operated by the SUB in such a way that the data collected does not enable direct or indirect identification of a natural person:

  • The IP address is anonymized. This is done by the Regional Computer Center of the University of Hamburg (RRZ).
  • The use of cookies has been disabled in the tracking code.
  • The functions "visit log and visitor profile" have been deactivated by us in the settings.

The legal basis for the data processing is Art.6 Abs. (1) lit. e, (3) GDPR, § 4 HmbDSG, § 6 (2) Nr. 1 HmbHG.

Your rights

You have the following rights:

  • the right of access to personal data concerning you that is processed by us (Article 15 GDPR)
  • the right to rectification of any incorrect or incomplete personal information (Article 16 GDPR)
  • the “right to be forgotten”: erasure of stored personal data insofar as the relevant data are not necessary for the exercise of the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or the purposes of establishing, exercising, or defending a legal claim (Article 17 GDPR)
  • the right to restriction of processing personal data (Article 18 GDPR)
  • the right to data portability (Article 20 GDPR)
  • the right to object to the processing of your data conducted in our legitimate interest, public interest, or for profiling purposes unless we can demonstrate compelling grounds for processing said data that outweighs your interests, rights, and freedoms or where the processing of said data is required for the establishment, exercise, or defense of a legal claim (Article 21, GDPR);
  • the right to withdraw your consent to the collection, processing, and use of your personal data at any time with future effect (Article 7 paragraph 3 GDPR)—this means that the data processing related to that consent will no longer be carried out. This does not affect any previous processing of personal data.
  • the right to lodge a complaint with a supervisory authority (e.g. Hamburg Commissioner for Data Protection and Freedom of Information) where you believe the processing of personal data related to you is in breach of the GDPR (Article 77 GDPR)

You may exercise your rights by contacting