Privacy policy

Personal data processing on PrzypadkiMedyczne.pl and MedCaseReports.com — in brief, under the GDPR and Polish data protection law.

e-ISSN 2084-2708Open AccessGDPRMEDUCASE

At a glance

Each item has a short line and an expanded note below. The full policy continues in the sections underneath.

Controller

MEDUCASE Sp. z o.o., ul. Karpacka 18A, 54-617 Wrocław, Poland; KRS 581184, NIP 8943067789, REGON 362777567.

Details

The controller is MEDUCASE Sp. z o.o. The same registration details appear in the «Controller and scope» card (the first content card below the “At a glance” block). You may request information about processing and exercise your rights as described in this policy.

Legal basis

GDPR; Polish Act of 10 May 2018 on the protection of personal data.

Details

Processing is carried out under the GDPR, the Polish Act of 10 May 2018 on the protection of personal data, and other applicable provisions. If this text conflicts with mandatory law, mandatory law prevails.

Services

PrzypadkiMedyczne.pl and MedCaseReports.com — portal, account, editorial workflow, publications, payments where used, newsletter if enabled.

Details

This policy applies to the journal website under PrzypadkiMedyczne.pl and MedCaseReports.com, including the portal, user account, editorial workflow and publications, open and paid content, and any newsletter as enabled. Features may evolve; up-to-date information is always published on this page.

Main purposes

Service delivery (Art. 6(1)(b)); legal duties (c); security/claims (f); consent-based newsletter/marketing (a); health data only in published scientific content (Art. 9).

Details

We process data to provide the service (including account and publishing) — Art. 6(1)(b) GDPR; to comply with legal obligations — (c); for security and claims — (f) where needed. Newsletter and marketing rely on consent (a) or, narrowly, (f) with a right to object. Health data may appear only in published scientific material, under Art. 9 GDPR with data minimisation.

Authors in publications

Names in published articles are standard in scholarship; this is compatible with the GDPR when processing is lawful.

Details

Publishing names supports citations and scholarly attribution (including library databases) and may rely on Art. 6 GDPR (e.g. contract, consent or legitimate interests) and, for special-category data, Art. 9 GDPR and editorial rules. In Poland the supervisory authority is UODO/PUODO (not the former “GIODO” label). See the «Authors, review and data in publications» card.

Cookies / newsletter

Necessary cookies; others as per consent/settings. Newsletter only on consent or lawful subscription — unsubscribe in each message.

Details

We use strictly necessary cookies and — depending on settings or consent — other categories (e.g. functional, analytics, marketing). You may restrict cookies in your browser, but login or some features may be affected. Newsletters are sent only on consent or another lawful basis; each message contains an unsubscribe option.

Processors / transfers

Art. 28 GDPR agreements; transfers outside the EEA only with Chapter V safeguards.

Details

Processors (e.g. hosting, IT, payments) operate under agreements meeting Art. 28 GDPR. Transfers to third countries or international organisations outside the EEA are only allowed with appropriate Chapter V GDPR safeguards.

Your rights

Access, rectification, erasure, restriction, objection, portability (where applicable), complaint to the Polish DPA (UODO).

Details

You have rights including access, rectification, erasure or restriction of processing, objection (where processing is based on legitimate interests), portability where applicable, withdrawal of consent where processing relies on it, and lodging a complaint with the Polish supervisory authority (UODO).

Response time

Typically within one month (Art. 12(3) GDPR), subject to exceptions.

Details

We generally respond to requests under Art. 12(3) GDPR (typically within one month), with extensions where permitted by law.

Contact

contact@mdcse.com

Details

For data protection matters, use the e-mail address above. Please include enough information to handle your request without sharing unnecessary sensitive data.

Controller and scope

Controller: MEDUCASE Sp. z o.o., ul. Karpacka 18A, 54-617 Wrocław, Poland; KRS 581184, NIP 8943067789, REGON 362777567.

This policy covers the scientific journal website PrzypadkiMedyczne.pl and MedCaseReports.com (portal, user account, publishing workflow, open and paid content, and any newsletter). Processing follows the GDPR and the Polish Act of 10 May 2018 on the protection of personal data. Mandatory law prevails over this text.

Note: references on this page to the «Controller and scope» block mean this first content card below the “At a glance” summary.

Purposes and legal bases

  • Service delivery, account, editorial workflow and publication — Art. 6(1)(b) GDPR; security and claims — (f) where applicable.
  • Legal obligations — (c).
  • Newsletter / marketing — consent (Art. 6(1)(a)) or, in a narrow scope, (f) with right to object.
  • Health data only in published scientific content (e.g. case reports), under Art. 9(2) GDPR (including consent or (j) — manifestly made public), with data minimisation.

Publishing authors’ names in line with scholarly practice is explained under «Authors, review and data in publications».

Authors, review and data in publications

In a scientific journal, publishing authors’ names (and co-authors) is standard practice: it supports citations, identification of scholarly output in library systems and databases, and institutional reporting. This is not inherently incompatible with the GDPR where processing is lawful — typically under Art. 6(1)(b) (publishing services and manuscript workflow), (a) (consent) or (f) (legitimate interests in documenting and disseminating research in the appropriate form), together with verification, minimisation and the journal’s rules.

Special-category data, including health information in published material, is governed by Art. 9 GDPR and editorial/ethical rules (including anonymisation where required). Peer review is confidential; reviewers’ identifying data are not published under anonymous or double-anonymous models as applicable.

In Poland, the President of the Personal Data Protection Office (UODO) supervises GDPR application (the former “GIODO” label refers to an earlier setup). Publishing surnames in a scholarly context, in compliance with law and policy, follows widely accepted practice; data subjects retain their rights and complaint options as described under «Processors, retention, rights, contact».

Data, cookies, newsletter

We process: account/login data (e-mail, password hash, session); author, reviewer and editorial data needed for manuscripts; submission and publication content (including sensitive data where inherent to the research); technical data (e.g. IP, logs) as necessary; payment data via payment providers — we only receive what is needed to provide the service.

Cookies: strictly necessary cookies plus, per your settings/consent, functional, analytics or marketing cookies. You can restrict cookies in the browser; some features (e.g. login) may be affected. Third-party partners may set cookies under their policies if used.

Newsletter — only on consent or as permitted by law; unsubscribe link in each message.

Processors, retention, rights, contact

Processors (hosting, IT, payments, tools) work under Art. 28 GDPR agreements. Transfers outside the EEA only with Chapter V GDPR safeguards.

Retention: for the contract/account period and as required by law or claims; published articles remain in the scholarly record as usual.

Rights: access, rectification, erasure or restriction, objection (for (f) processing), portability where applicable, withdrawal of consent, complaint to the Polish DPA (UODO). Replies within Art. 12(3) GDPR (typically within one month).

Data protection contact: contact@mdcse.com.

Security, policy updates and closing

We apply Art. 32 GDPR measures (e.g. encryption, access control, user accounts). Peer review is confidential. Medical data in articles is handled per journal rules and law (including anonymisation where required), together with «Authors, review and data in publications».

Closing. This privacy policy describes processing on PrzypadkiMedyczne.pl / MedCaseReports.com, including legal bases, technical and marketing data, and — important for researchers — publishing authors’ names as part of standard scholarly attribution while respecting the GDPR and data subject rights. The current text is always on this page; we may update it for legal or operational reasons. Updated: April 2026.