Compliance Information - GREC GANNA Research Center

Data Protection & Privacy Compliance

GREC is committed to protecting your data and complying with international data protection regulations.

GDPR Compliance (EU)

We comply with the General Data Protection Regulation (GDPR) for users in the European Union:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

HIPAA Considerations (US)

While our platform is not a covered entity under HIPAA, we implement security measures consistent with HIPAA standards for protecting health information:

• Encryption of data in transit and at rest
• Access controls and authentication
• Audit logging
• Regular security assessments

Data Localization

We store data in secure data centers with appropriate physical and technical safeguards. Data location and transfer comply with applicable regulations.

Research Ethics & Integrity

Ethical Research Practices

We promote and support ethical research practices:

• Respect for research participants
• Informed consent requirements
• Data integrity and accuracy
• Proper attribution and citation
• Conflict of interest disclosure

Institutional Review Board (IRB)

Researchers are responsible for obtaining appropriate IRB approval for their studies. The platform does not replace institutional ethics review processes.

Publication Ethics

We adhere to international standards for publication ethics:

• Originality and plagiarism prevention
• Proper authorship attribution
• Peer review integrity
• Correction and retraction policies

Security Standards

Technical Security Measures

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Authentication: Multi-factor authentication (2FA) available
• Access Control: Role-based access control (RBAC)
• Monitoring: 24/7 security monitoring and logging
• Backups: Regular automated backups with encryption

Organizational Security

• Regular security training for staff
• Incident response procedures
• Third-party security audits
• Vulnerability management program

Accessibility Compliance

We strive to make our platform accessible to all users, including those with disabilities, in accordance with:

• Web Content Accessibility Guidelines (WCAG) 2.1 Level AA
• Section 508 of the Rehabilitation Act (US)
• European Accessibility Act

Reporting & Transparency

Data Breach Notification

In the event of a data breach, we will:

• Notify affected users within 72 hours
• Report to relevant authorities as required
• Provide details of the breach and remediation steps
• Offer support and guidance to affected users

Transparency Reports

We publish annual transparency reports detailing:

• Data requests from authorities
• Security incidents
• Platform usage statistics
• Compliance updates