Privacy Statement

1) Who we are and the scope

This Privacy Policy explains how the Journal of Informatics and Web Engineering (JIWE), published by Multimedia University Press (Universiti Telekom Sdn Bhd), processes personal data collected through this journal website and related editorial workflows (submission, peer review, production, and publication). It applies to authors, reviewers, editors, readers, and visitors who interact with the site and our editorial systems.

JIWE complies with Malaysia’s Personal Data Protection Act 2010 (PDPA, Act 709) and its 2024 amendments. The PDPA establishes seven data protection principles (General; Notice & Choice; Disclosure; Security; Retention; Data Integrity; Access) that data controllers must follow. The 2024 amendments modernize the PDPA and (now in force) introduce, among other items, mandatory breach notification, data portability rights, increased penalties, and direct obligations for data processors on security.

For university-level processing outside this journal workflow, please consult Multimedia University’s Privacy Notice and contacts published on the MMU website.

2) What we collect

  • Account and profile data: name, affiliation, country, email, ORCID iD (if provided), role (author, reviewer, editor), and preferred contact details.

  • Manuscript and review data: submissions, metadata, cover letters, reviewer reports, editorial decisions, and related correspondence.

  • Technical data: IP address, device/browser information, access logs, session and security cookies essential to operate accounts and forms.

  • Analytics (if enabled): de-identified usage statistics to improve site performance.

  • Publications metadata: author names, affiliations, funding, acknowledgements, data/code availability statements, and licensing shown on article pages.

We collect these data directly from you or generate them during editorial processing. Where we receive personal data from third parties (e.g., suggested reviewers), we will provide appropriate notice at the earliest practicable time, consistent with PDPA Notice & Choice requirements.

3) Why we collect it

We process personal data for purposes directly related to journal activities, including: user registration, manuscript handling, peer review, production, publication, indexing, archiving, analytics, and user support. Under the PDPA, we rely on:

  • Consent (e.g., creating an account, opting into communications).

  • Contract or service administration (e.g., managing submissions and peer review).

  • Legal obligations and legitimate protections (e.g., misconduct investigations; safeguarding rights; preventing abuse).
    These align with PDPA’s General Principle and permitted bases (lawful purpose, necessity, data minimization). 

4) Cookies and similar tech

We use strictly necessary cookies to keep you logged in, secure form submissions, remember basic preferences, and prevent fraud. Where we employ optional analytics or integrations, we will display a clear notice and, where required, obtain consent before setting non-essential cookies.

5) Disclosure and recipients

We disclose personal data only to:

  • Editorial participants (assigned editors, reviewers) are under confidentiality.

  • Service providers strictly for operating the journal (hosting, email, manuscript system), under contract and PDPA security obligations.

  • Indexing and discovery services (e.g., Crossref, DOAJ) and research integrity services when necessary.

  • Public: article metadata you approve for publication (e.g., names, affiliations, ORCID, funding).

  • Regulators or institutions, when required by law or to address research/publication ethics concerns.

PDPA’s Disclosure Principle requires that any disclosure align with stated purposes and classes of third parties identified in our notices.

6) Cross-border transfers

Our hosting or service providers may process data outside Malaysia. Where transfers occur, we comply with PDPA Section 129 (as amended) using one or more safeguards: jurisdiction with substantially similar law or adequate protection; data subject consent; necessity for contract or vital interests; legal claims; or reasonable precautions with due diligence (e.g., transfer impact assessment, contractual clauses, binding corporate rules, certifications).

7) Security

We take practical steps to protect personal data against loss, misuse, unauthorised or accidental access or disclosure, alteration, or destruction, consistent with PDPA’s Security Principle. Our measures include role-based access, encrypted transport, access logging, and staff training. Data processors acting for us are contractually bound to comparable safeguards; under the 2024 amendments, processors now have direct legal obligations for security.

8) Retention

We retain account, manuscript, and review records only as long as necessary for editorial, legal, archival, and accountability purposes, and then delete or irreversibly anonymize them. This implements PDPA’s Retention and Data Integrity Principles.

9) Your rights

Subject to the PDPA and applicable exemptions, you may:

  • Access your personal data we hold and request correction of inaccuracies.

  • Withdraw consent (where processing relies on consent) without affecting prior lawful processing.

  • Data portability (effective 1 June 2025): request transmission of your personal data to another controller, where technically feasible.
    You may also object to certain processing or ask us to restrict processing where permitted by law. We will respond within a reasonable period and in accordance with PDPA procedures.

10) Children

This journal is intended for adult researchers and students in higher education. We do not knowingly collect personal data from children under the age permitted by local law without appropriate consent or authorization.

11) How to contact us

  • Journal privacy contact: please use the Contact page on the JIWE website or the editorial office email listed there; include “Privacy – JIWE” in the subject line for faster routing.

  • University-level privacy matters: see Multimedia University’s Privacy Notice for additional contacts and information. 

12) Complaints

If you believe we have not handled your data properly, contact us first so we can resolve your complaint. You may also lodge a complaint with Malaysia’s Department of Personal Data Protection (Personal Data Protection Commissioner).

13) Changes to this policy

We will post updates on this page and indicate the effective date. Material changes will be highlighted for transparency.