Effective Date: 2026.02
Overview
BCI Lab is committed to maintaining institutional-grade data governance standards consistent with international best practices, including principles reflected in the EU General Data Protection Regulation (GDPR), where applicable.
This Policy explains how data is collected, processed, retained, and protected.
Data Collected
BCI Lab may collect limited categories of data, including:
• Contact information voluntarily submitted (e.g., email inquiries)
• Website analytics data (e.g., anonymized usage metrics)
• Technical data (IP address, browser type, device identifiers)
• Subscription-related metadata
BCI Lab does not collect sensitive personal data, financial account credentials, or private non-public data through its public website.
Purpose of Processing
Data is processed solely for:
• Responding to inquiries
• Maintaining publication distribution
• Improving research dissemination
• Ensuring system security and integrity
• Maintaining audit logs for governance compliance
No personal data is sold or monetized.
Legal Basis for Processing
Where applicable under EU law, processing is based on:
• Legitimate interest in maintaining institutional communications
• Consent (for voluntary subscriptions)
• Compliance with legal obligations
Users located in the European Economic Area may exercise rights consistent with GDPR principles, including:
• Right of access
• Right of rectification
• Right of erasure
• Right to restrict processing
• Right to data portability
Requests may be submitted via official contact channels.
Data Retention
Unless otherwise required by law, personal data and associated communication logs are retained for a maximum period of three (3) years from the date of last interaction.
Research-related calibration data, version logs, and audit documentation may be retained for institutional continuity and compliance purposes under controlled archival protocols.
Data Security
BCI Lab maintains commercially reasonable technical and organizational safeguards designed to prevent unauthorized access, alteration, disclosure, or destruction of data.
Absolute security cannot be guaranteed; however, governance protocols are periodically reviewed.
Third-Party Services
BCI Lab may use third-party service providers for hosting, analytics, or communication infrastructure.
Such providers are selected based on industry-standard compliance representations.
BCI Lab does not control external privacy practices beyond its operational domain.
International Transfers
Given the global nature of digital access, data may be processed in jurisdictions outside a user’s country of residence.
Where applicable, reasonable safeguards consistent with international data protection principles are applied.
Policy Updates
This Privacy Policy may be updated periodically.
Material revisions will be reflected through version control and effective date modification.
