Privacy Policy

Document History & Revision

Version No.	Effective Date	Revision Details
Version 1	6 July 2017	Initial release
Version 2	5 December 2021	Wording improvements; added DPO contact
Version 3	29 June 2024	Wording improvements; structure updates
Version 4	15 September 2024	Clarified purposes/grounds for processing
Version 5	7 November 2025	Updated controller/jurisdiction, retention, international transfers, security, cookies, and rights

1) Who We Are & Scope

- Controller: Pubrica – Guires Global Pvt. Ltd., 3rd Floor, 10 Kutty Street, Nungambakkam, Chennai 600 034, Tamil Nadu, India (“Pubrica”, “we”, “us”, “our”).
- This Policy governs personal-data processing across our websites (pubrica.com and sub-domains), secure client portals, emails, and professional services: editing, journal-publication support, research & analytics, algorithm and AI development, graphics, regulatory and compliance consulting, and allied advisory or educational content (collectively, “Services”).
- We operate as a professional services provider. Any “portal” references mean secure workspaces for file exchange and project execution.

2) What Personal Data We Collect

2.1 Identity & Contact

Name, role, organization, email, phone, postal/billing address, country, preferred language, communication preferences.

2.2 Project & Service Data (You Provide)

Manuscripts, figures, datasets, protocols, IRB/ethics materials, reviewer letters, journal correspondence, briefs for graphics, statistical specs, code/algorithms, regulatory dossiers, references, and any content needed to deliver Services.

2.3 Transaction & Technical

Invoices, GST/VAT, payment references (card processing via PCI-compliant providers), portal access logs, IP, device/browser, cookies/analytics identifiers, usage metadata.

2.4 Sensitive Categories (Limited; Consent-Based)

We do not intentionally collect special categories unless necessary for your project and you provide them explicitly (e.g., de-identified clinical tables for meta-analysis). Payment cards are handled by gateways; we do not store full card numbers.

2.5 Children

Services are for adults 18+. We do not knowingly collect children’s data.

3) Why & How We Use Your Data (Purposes & Legal Bases)

Purpose	Examples	Legal Basis
Service delivery	Editing, analytics, graphics, submission handling, regulatory compiles, advisory	Contract necessity
Client communication	Quotes, SoW, updates, invoices, support	Contract / Legitimate interest
Quality & training	Internal peer review, QA, process improvement, audits	Legitimate interest
Security & integrity	Access control, logs, fraud prevention, incident response	Legitimate interest / Legal obligation
Compliance & records	Tax, accounting, statutory retention, responding to lawful requests	Legal obligation
Marketing (optional)	Newsletters, webinars, product updates	Consent (opt-in)

We do not sell personal information.

4) Processor vs Controller

We act as Controller when dealing directly with clients, and as Processor when working under another organization’s written instructions. All sub-processors are bound by equivalent confidentiality and data-protection obligations.

5) Sharing & Disclosures

We may share data on a need-to-know basis with:

Internal teams and vetted subcontractors (editors, statisticians, designers, SMEs) under NDA/DPA.
Service providers (secure cloud/file transfer, reference tools, plagiarism/AI checks, analytics, communications, payment gateways).
Journals/conferences/registries only when you instruct us to submit.
Authorities/courts where required by law or to protect our rights, users, or systems.

No sale or rental of personal information.

6) International Transfers

Data may be processed in India and other countries where our experts or providers operate. We use reasonable safeguards (e.g., standard contractual clauses or equivalent contractual protections) for cross-border transfers. By using our websites or Services, you consent to such cross-border transfers as necessary for project delivery and support.

7) Security

We apply administrative, technical, and physical controls aligned with ISO 9001/ISO 27001 practices (role-based access, minimum necessary, encryption in transit/at rest where applicable, logging, vetting, confidentiality contracts, secure disposal). No method is 100% secure; we continuously improve controls.

8) Retention

Project files and communications: typically 12–24 months after project closure (or longer if required by law/contract/MSA).
Finance/tax records: per applicable statutes.
After retention, we delete or anonymize. You may request earlier deletion where legally permissible; this may affect our ability to support post-project queries.

Retention decisions consider: (a) purpose of use, (b) legal obligations, (c) contractual necessity, (d) value of the data to you and us, (e) security and cost risk, and (f) industry practice.

9) Cookies & Similar Technologies

We use essential cookies (operation/security) and analytics cookies (performance/usage). Manage preferences in your browser or via our banner (where available). Interest-based ads (if used) rely on reputable networks; opt-out tools may limit targeting but not generic ads.

10) Your Rights

Subject to applicable laws (e.g., GDPR/UK GDPR where relevant), you may request:

Access, correction, deletion
Restriction or objection to processing
Portability
Withdraw consent (for marketing or other consent-based uses)

We’ll respond within a reasonable time. Some requests may affect Service delivery or legal obligations.

11) Data Breach Response

On becoming aware of a personal-data incident, we will investigate, contain, and notify affected clients and, where required, regulators without undue delay and take reasonable remedial steps.

12) Testimonials & Portfolios

We publish testimonials only with prior consent. We may request permission to reference anonymized project learnings. We will not disclose confidential content or identifiers without written approval.

13) Social Media, External Links, and Third-Party Tools

Our websites may link to third-party sites or include widgets (Facebook, LinkedIn, Twitter, etc.). Interactions are governed by those parties’ privacy policies. We are not responsible for external content.

14) Email, Anti-Spam & Messaging

Marketing emails are opt-in and include unsubscribe links.
Transactional/operational emails (project updates, invoices, security notices) are necessary.
Our Acceptable Use Policy prohibits unsolicited or unlawful messaging via our systems.

15) Payments & PCI

Online payments are processed by PCI-compliant payment gateways. We do not store full card numbers. SSL/TLS is used for data in transit.

16) Your Responsibilities

You confirm any data you submit is accurate and that you have lawful rights to share it with us (including third-party data where applicable). Do not submit more personal data than is necessary for the Services.

17) Corporate Events

If Pubrica undergoes a reorganization, merger, acquisition, or asset transfer, your data may be part of the transferred assets. We will notify you of material changes in ownership/control impacting this Policy.

18) Policy Updates

We may update this Policy for legal, technical, or operational reasons. Material changes will be notified by email or portal notice, with the effective date shown at the top.

19) Contact & Regional Addresses

Controller & Primary Contact (India HQ)
Pubrica – Guires Global Pvt. Ltd.
3rd Floor, 10 Kutty Street, Nungambakkam, Chennai 600 034, Tamil Nadu, India
📧 privacy@pubrica.com | ops: operations@pubrica.com | accounts: accounts@pubrica.com
📞 +91-44-4212-4284

Regional Correspondence

United Kingdom: Greenheys Business Centre, Pencroft Way, Manchester M15 6JJ, UK
United States: 1341 W Mockingbird Lane, Suite 600W, Dallas, TX 75247, USA
United Kingdom (Sheffield): The Portergate, Ecclesall Road, Sheffield S11 8NX, UK

Data Protection Officer (DPO):

Name: Mr. Suresh

Email: sureskumar@pubrica.com