Personal Data Protection Notice

1. Scope

This notice explains how AcademicAR expects personal data to be handled when researchers upload 3D models, academic metadata, PDFs, and related publication materials. It is intended to support compliance with applicable data protection laws, including GDPR and Turkish Law No. 6698 on the Protection of Personal Data.

2. Medical Data and Anonymization

If an uploaded model is derived from medical, biological, patient, or human-subject data, the data must be anonymized before upload.

• Names, identity numbers, hospital numbers, and other direct identifiers must be removed.
• Geographic, demographic, or contextual details that could identify a person must be removed or generalized.
• The uploader must confirm anonymization during the upload process.
• AcademicAR does not verify the scientific or legal sufficiency of anonymization for each uploaded file.

3. Ethics Approval and Consent

When uploading models related to research involving human subjects, the uploader represents that:

• Required ethics committee or institutional approvals have been obtained.
• Informed consent has been collected where required.
• The uploader has the right to process and publish the material through AcademicAR.
• The upload complies with the rules of the relevant institution, journal, funder, and jurisdiction.

4. Consent and Upload Records

For accountability and audit purposes, AcademicAR may record the following information during upload and account activity:

• IP address: The network address associated with the request.
• Timestamp: The date and time of the relevant action.
• Consent version: The terms or notice version accepted by the user.
• Confirmation checklist: Required upload confirmations selected by the user.

These records may be retained to demonstrate compliance, investigate misuse, and respond to legal or institutional requests.

5. Processing Purposes

AcademicAR processes account and publication data to:

• Provide model hosting, conversion, viewer links, QR codes, and publication pages.
• Manage accounts, authentication, billing records, and support requests.
• Protect the service against abuse, security threats, and unauthorized access.
• Comply with legal obligations and enforce platform terms.
• Improve service reliability and understand aggregate usage patterns.

6. Controller and Processor Roles

• Uploader or institution: Usually acts as the data controller for uploaded research material and is responsible for lawful collection, anonymization, consent, and publication rights.
• AcademicAR: Provides the technical platform and may act as a processor or service provider for hosted content, depending on the circumstances.

The uploader remains responsible for ensuring that uploaded content is lawful, anonymized where required, and suitable for public or private sharing through the service.

7. Security Measures

AcademicAR uses technical and organizational measures designed to protect data, including:

• Encrypted transport through HTTPS/TLS.
• Access controls for account-owned resources.
• CSRF protection and secure session practices.
• Validation of uploaded file formats and size limits.
• Operational logging for security and audit purposes.

8. Data Breach Handling

If AcademicAR becomes aware of a security incident affecting personal data, it will assess the scope, take mitigation steps, and notify affected users or authorities where legally required.

9. International Transfers

AcademicAR may use hosting, storage, analytics, or infrastructure providers that process data in different jurisdictions. Where required, the uploader is responsible for confirming that such transfers are permitted for the relevant research material.

10. Individual Rights

Depending on applicable law, individuals may have rights to access, correct, delete, restrict, export, or object to certain processing of their personal data. Requests can be sent to privacy@academicAR.com.

11. Responsibility Notice

12. Contact

For privacy or data protection questions, contact:

Email: privacy@academicAR.com