Last updated: July 2026.
1. Who we are (Data Controller)
This journal, "Management of Organizations: Systematic Research" (ISSN 1392-1142 / 2335-8750), is published by the Faculty of Economics and Management of Vytautas Magnus University (VMU), Kaunas, Lithuania, which acts as the data controller. Questions about this policy or your data: email orgvad@evf.vdu.lt. For matters concerning data protection you may also contact VMU's Data Protection Officer via the University's official channels.
2. What personal data we collect
- Account data: your name, email address, affiliation, display name and any bio you provide when you register.
- Submission data: manuscripts and their metadata (title, abstract, keywords), and author details you enter (names, affiliations, emails, ORCID), plus any comments you post during the review process.
- Communications: your email address and notification preferences, used to send you transactional and (if you opt in) informational emails.
- Usage data: first-party analytics about which pages and article PDFs are viewed, including the page path and referring page. We do not use advertising trackers or third-party profiling.
- Cookies and local storage: see the Cookies section below.
3. How and why we use your data, and our legal bases (GDPR Art. 6)
- To operate your account and manage the peer-review workflow — performance of a contract.
- To send you notifications about your submissions — contract / our legitimate interest in running the journal.
- To send optional informational emails — your consent (which you can withdraw at any time in your profile settings).
- To understand and improve how the journal is used, via aggregated analytics — our legitimate interest.
- To publish accepted articles and maintain the scholarly record — public interest / your consent as an author.
- To comply with legal obligations.
4. Who we share it with
Your submission data is accessible to the journal's editors and to assigned reviewers strictly for peer review (reviews are double-blind — reviewers do not see author identities and vice versa). We use trusted processors that act on our instructions: Supabase (database, authentication and file storage, hosted in the EU) and Resend (transactional email delivery). We never sell your personal data.
5. International transfers
Most data is processed within the EU/EEA. Where a processor (for example, our email provider) processes data outside the EEA, it is done under appropriate safeguards such as the European Commission's Standard Contractual Clauses.
6. How long we keep it
We keep account and submission data for as long as needed to manage the editorial process and to maintain the permanent record of published works. Analytics data is retained in aggregate. You can request deletion of your account data subject to our need to preserve the integrity of the published scholarly record.
7. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict or object to the processing of your data, to data portability, and to withdraw consent at any time. To exercise these rights, email orgvad@evf.vdu.lt. You also have the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania (Valstybinė duomenų apsaugos inspekcija, vdai.lrv.lt).
8. Security
We protect your data with encryption in transit (HTTPS), access controls, and database row-level security so that users can only access data they are authorised to see.
9. Children
The journal is intended for researchers and professionals and is not directed at children under 16.
10. Cookies
We use: (a) strictly necessary cookies/local storage to keep you signed in and remember your cookie choice; (b) first-party analytics (page and download counts) which we only activate if you accept analytics in our cookie banner. We do not use advertising or cross-site tracking cookies. You can change your choice at any time by clearing the banner selection in your browser.
11. Changes
We may update this policy; the "last updated" date shows the latest version.
