This policy was last updated on 21/05/2020.
We will only use the personal data gathered over this website as set out in this policy. Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what control and information rights you may have.
I. Summary of our processing activities
We publish scholarly journals, books, news and data. Some of this material is freely available. The following summary offers a quick overview of the data processing activities that are undertaken on our website. You will find more detailed information under the indicated sections below.
- When you visit our website for informational reasons without setting up an account, only limited personal data will be processed to provide you with the website itself (see III).
- If you are identified as belonging to a customer organisation then we collect information in order to be able to provide usage reporting to that customer.
- In case you register for one of our services, use the submission and peer review systems or subscribe to our newsletters, further personal data will be processed in the scope of such services (see IV and V).
- Furthermore, your personal data will be used to provide you with relevant advertising for our services and products (see VII) and for statistical analysis that helps us to improve our website (see VIII). Additionally, we improve your website experience with third party content (see IX).
- Your personal data may be disclosed to third parties (see X) that might be located outside your country of residence; potentially, different data protection standards may apply (see XII).
- We have implemented appropriate safeguards to secure your personal data (see XIII) and retain your personal data only as long as necessary (see XIII).
- Under the legislation applicable to you, you may be entitled to exercise certain rights with regard to the processing of your personal data (see XIV).
Personal data: means any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier.
Processing: means any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or any kind of disclosure or other use.
III. Informational use of the website
When you visit our website for informational reasons, i.e. without registering for any of our provided services listed under IV and without providing us with personal data in any other form, we may automatically collect additional information about you which will contain personal data only in limited cases and which is automatically recognised by our server, such as:
Examples might include:
- your IP address;
- your device type, name and IDs;
- the date and time of your requests;
- the content of your requests;
- information on your browser version;
- your screen resolution;
- information on your operating system, including language settings.
We use such information only to assist us in providing an effective service (e.g. to adapt our website to the needs of your device or to allow you to log in to our website), and to collect broad demographic information for anonymised, aggregated use.
If you are identified by IP or equivalent method as belonging to a customer organisation such as university or a company then we will also collect the identity of that organisation and use it to create usage reports which show the organisation how much of the content we publish is being read by their students, members or employees. This information does not contain anything related to a personal login unless (a) you are a nominated administrator for that organisation or (b) your organisation specifically requires it as a part of a usage-based access contract.
The personal data automatically collected is necessary for us to provide the website, Article 6 sec. 1 sent. 1 lit. b GDPR, and for our legitimate interest to guarantee the website’s stability and security, Article 6 sec. 1 sent. 1 lit. f GDPR.
IV. Registration for our services
Access to subscription content is provided via a variety of mechanisms such as IP site licenses, login via third party federated identity providers or by a personal account with us. Using the federated authentication method institutional selection data may be stored locally in your browser and shared with third party websites that you visit to ease the process of institutional authentication. If your access to our content is provided by an organisation or an institution like a university or a company then they choose the access method on your behalf. A personal account is required to purchase content directly from us, or to receive personal services like newsletters and alerts.
If you need to create a personal login with us then we will store and process the following:
- Information (such as your name, user name and email address) that is provided by registration;
- Information in connection with an account sign-in facility (e.g. log-in and password details);
- Communications sent by you (e.g. via e-mail or website communication forms).
The information that is necessary for the performance of the service is labelled accordingly. All further information is provided voluntarily.
We will process the personal data you provide to:
- Identify you at sign-in;
- Provide you with the services and information offered through the website or which you request;
- Administer your account;
- Communicate with you;
- (behavioural) Advertising and profiling;
- Facilitate attendance of a conference;
- Manage manuscript submissions;
- Provide access (where appropriate) to other Springer Nature group content if you so request
For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR. The use of your personal data for behavioural advertising and profiling is done for the legitimate interest to improve your experience while using the website, Article 6 sec. 1 sent. 1 lit. f GDPR.
We use the personal data and contact data you provide by registration to inform you directly about our additional products and services. The use of your personal data for directly advertising related products and services is a legitimate interest for us as a provider of this website, Article 6 sec. 1 sent. 1 lit. f GDPR.
You can object to the use of your personal data for direct marketing at any time. We will then refrain from any processing to the extent it is related to such purposes. You may opt-out of direct marketing via opt-out links in any marketing communication or via user profile pages on the website (where available). You can also inform us about your objection by contacting our Data Protection Office at email@example.com.
Registration data is kept until such time as an account deletion request is made. If such a request is received we will erase your data within 30 days. Statutory storage obligations or the need for legal actions that may arise from misconduct within the services or payment problems can lead to a longer retention of your personal data. In this case, we will inform you accordingly.
V. Information about the specific uses that require registration
You can publicly comment on our blog where we post a variety of articles to inform you about our activities. When posting a comment your name or user name will be made public. To be able to comment on our blog you will have to register as described in IV.
In addition to the extent of processing described under IV, when you post a comment we will retain some of your personal data such as your IP address and name and other metadata such as time of posting. This is necessary to defend ourselves from possible liability claims that may arise from unlawful comments posted by you and reflects our legitimate interest with regard to the legal justification of this processing activity in Article 6 sec. 1 sent. 1 lit. f GDPR.
We reserve the right to delete comments that are off-topic, spam, abusive, use excessive foul language, include ad hominem attacks or offend against legal regulations.
2. Web shop
For the use of our web shop you have to set up an account as described under IV. Your customer account retains your personal data for future purchases. You can delete the personal data as well as the account in your account’s settings. This processing is based on Article 6 sec. 1 sent. 1 lit. b.
By statutory law we are required to retain the provided financial data in relation to transactions (including address, payment and order information) for ten years. However, after 2 years we will restrict the processing of your personal data to comply with the statutory requirements and will not process the personal data any further. Regarding this, the retention of your personal data is based on Article 6 sec. 1 sent. 1 lit. c GDPR.
3. Article alerts and newsletters
With your email address you can subscribe to our newsletters that provide you with the latest news about our products and services if you consent to receiving such newsletters. The legal basis for this processing is Article 6 sec. 1 sent. 1 lit. a GDPR. Your email address will be retained as long as you subscribe to our newsletters.
You can unsubscribe from this service by opting out via the link provided in each newsletter.
You can sign up for newsletters and request to be contacted about our products and services via Facebook. For this purpose, we are using Facebook Lead Ads, a service by Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304 U.S. ("Facebook"). Lead Ads makes it even easier for you to sign up to newsletters and request to be contacted as the form will already be pre-populated via Facebook with your data and you only need to submit the form. Of course, you have the opportunity to amend and review the data before submission. For more information on how lead ads work see here - https://www.facebook.com/business/ads/lead-ads.
The legal basis for this processing is Article 6 sec. 1 sent. 1 lit. a GDPR. Your email address will be retained as long as you subscribe to our newsletters or until you request the removal of your email address.
You can unsubscribe from newsletters by opting out via the link provided in each newsletter. If you inquired about a product or service and no longer wish to be contacted, you can email firstname.lastname@example.org, citing the name of the product or service, and request that your email address be removed.
4. Nature Conferences
Springer Nature America, Inc. (“SNAI”) [1 New York Plaza, Suite 4500, New York, NY 10004-1562, USA] and for China, Macmillan Information Consulting Services (Shanghai Co. Ltd) [10-11unit, 42 Floor, The Center, 989 Changle Road, XuHui District, 200031 Shanghai, CHINA], affiliates of Springer Nature Limited (together “Springer Nature entities”), collect personal data from attendees to Nature conferences to facilitate registration and plan for the events. This includes data categories such as: Identification data (which may include name, address, telephone number, email address), entity type (e.g. academic, government, industry), position titles, curriculum vitaes, professional license information, dietary requirements, gender, information for travel arrangements (i.e., passport data, date of birth) and payment information. We also request information relating to requirements for reasonable accommodation where physical assistance may be needed to attend. We may collect data through a third party vendor such as Eventsforce Solutions Ltd. Eventsforce acts as a data processor on our behalf. The use of your personal data in relation to conference attendance is based on Article 6 sec. 1 sent. 1 lit. b GDPR and Art. 9 sec. 2 lit. a GDPR with regard to all health-related information you share with us in order to enable us to provide the required physical assistance to you.
With the consent of attendees, we may use personal data, specifically identification data such as name and email address, to share information with attendees about future Nature conferences or other products, services and special offers. We’ll continue to send you information and store your data until you ask us to be removed. This notification service is based on your consent, Article 6 sec. 1 sent. 1 lit. a GDPR.
5. Manuscript submission and Peer Review
Our Submission and Peer Review System offers the services of peer review, content preparation and proofing, publication and dissemination of research. In order to use the aforementioned services you have to set up an initial account. Where optional paid services may be engaged, you will be prompted to set up an additional, or enhance an existing account.
With regard to the registration of an account and its subsequent use, we process the following information.
- Information that is provided by registration such as your name, user name and email address.
- Information in connection with an account sign-in facility, e.g. log-in and password details;
- Communications sent by you, e.g. via e-mail or website communication forms.
- Content files and covering letters provided by you
- Grants, funding, membership, institution, society, committee registration
- Billing or invoicing information
- Information received from societies we work with, e.g. address, name, email address
The information that is necessary for the performance of the service is labelled accordingly.
We will process the personal data you provide in order to:
- Identify you at sign-in;
- Administer your account;
- Provide you with the services and information offered through the Submission and Peer Review System or which you additionally request;
- Communicate with you;
- Process payments
- Provide information to you as an Author about other publishing opportunities, with the Springer Nature group, you can stop these communications at any time by clicking the link in each email or contacting customer services;
- Communicate with you in your capacity as a current or potential Peer Reviewer, Editorial Board Member, or external Editor to provide information about the journal (s) and content you have worked on; you can stop these communications to you as a Peer Reviewer, Editorial Board Member, or external Editor at any time by clicking the link in each email or contacting Customer Service at email@example.com. Stopping these communications will not affect your status as Peer Reviewer, Editorial Board Member or external Editor with respect to the journal.
- Create a profile of your publication record based on publicly available data, such as published books and articles, citations and grants awarded. This information will not be used to determine article acceptance, nor will it be used for automated decision making (see section VI for more information on automated decision making). This information will be used to personalise communications and provide you with the latest news about our products and services;
To ensure the accuracy of content attribution and the quality and integrity of the peer review processProvide you with e-alertsOffer to transfer your submission to an alternative Springer Nature title if applicableAuthorise and process Article Publication Charges (APCs)
For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR, and for our legitimate interest in optimizing our services and preventing fraud, Article 6 sec. 1 sent. 1 lit. f GDPR.
Your personal account registration data is, in the absence of exceptions within the specific services mentioned, retained for as long as your account is used. Non-activity is defined at a minimum of five years, to facilitate ease-of-return for account holders. Content and communications, associated with submissions, reviews or decisions made by an account holder is held for a period of 12 months following final decision before being stored within long term limited-access archiving. Content may be engaged in relation to the services provided and in the interests of the integrity of published material. Such a decision will be made under the oversight of the Springer Nature Research Integrity Group. The need for legal actions within the services or payment problems can lead to a longer retention of your personal data.
In order to ensure the high quality of our journals and publications as well as the significance of the scientific research published, we have implemented a peer review procedure.
In order to find and contact suitable and qualified peer reviewers within the relevant research community, editorial team members may process some of your basic personal data (i.e. Email address, name and research interest) to register you for our Peer Review System. The legal basis for processing your personal data is our and the Publisher’s or the respective editor’s legitimate interest in finding and contacting suitable and qualified peer reviewers to ensure the high level of papers and articles published in our journals, Art. 6 (1) sent. 1 lit. f GDPR.
As a Peer Reviewer or external Editorial Board Member we will contact you from time to time about the journal(s) and content that you have worked on, Art. 6 (1) sent. 1 lit. f.
If you do not wish to be contacted any longer, you can contact us at firstname.lastname@example.org. Please note that we may keep some of your personal data to recall your explicit wish to not be contacted for any peer review procedure in the future and thus, to prevent any future processing of your data in this regard. The legal basis for this is our and your legitimate interest in recalling your wish and preventing any future contacting, Article 6 (1) sent. 1 lit. f GDPR.
VI. Automated decision making
We do not use your personal data for automated decision making which produces legal effects concerning you or similarly significantly affects you; however we do use your personal data to offer you content and services which we believe may be of interest.
VII. Online advertising, e-commerce and related tools
The cookies and web beacons enable our service providers to collect information about you and your surfing behaviour, e.g. IP address, browser information, information on user activities and click data, and to recognize visitors to our website under a pseudonym and only display products that are likely to be of interest to our visitors. Most of the tools use pseudonymised or aggregated data, e.g. shortened IP addresses. The data is used to analyse the use of our website and, thereby, improve and optimize the website and to display advertising tailored to your needs. We collect this data (to improve your website experience and to promote our products and services) via OneTrust, a cookie management tool; you can update your preferences here.
Personal data collected via first party cookies is based on Article 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to improve your website experience and to promote our products and services. We collect this data via a cookie management tool; you can update your preferences here .
Personal data collected via third party targeting cookies is based on your consent, managed via our preference centre here; Article 6 sec. 1 sent. 1 lit. a GDPR.
Please note that we neither have the control of the extent of personal data that is collected by the respective plug-in provider nor do we know the processing’s purpose or the period your personal data will be retained. Your personal data will be transferred to and processed inside and outside of the EEA. For further information about the potential risks of a cross border data transfer refer to XI.
It is possible that the above providers may disclose your personal data to its business partners, third parties or authorities.
You can prevent the installation of such a cookie (i) by a respective setting of your browser that blocks the installation of third party cookies, (ii) by deactivating the interest-related advertising under https://www.google.co.uk/ads/preferences, (iii) generally blocking cookies under https://www.google.co.uk/settings/ads/plugin or (iv) by deselecting the option for tracking cookies via the Springer Nature cookie preference centre.
Google AdWords Remarketing and Facebook Custom Audience
In this Website, we use the remarketing or “Similar audiences” feature of AdWords offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”
Third party providers, including Google, place advertisements on websites on the Internet. Third party providers, including Google, use stored Cookies/tracking information to place advertisements based on previous visits of a user on this Website.
For additional information on the anonymous analysis of your search behaviour please refer to:
You may object to data collection and storage for the purpose of remarketing at any time - this objection will be effective for the future, but not retroactively - by deactivating interest-based advertising in Google or by deactivating the services on the website of the Network Advertising Initiative. Note: in that case, you may not be able to use all features of this Website anymore. By using this Website, you grant your consent to the processing of data collected about you by Google in the manner and for the purpose described above.
Furthermore, this Website uses retargeting tags and Custom Audience of Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304 U.S., hereinafter referred to as “Facebook”.
When you visit our web pages, remarketing tags will build a direct connection between your browser and the Facebook server. This way, Facebook learns that you have visited our web page with your IP address. This will enable Facebook to match your visit of our pages with your user account. The information obtained this way can be used to display Facebook ads. Please note that we as the provider of the webpages do not receive any information on the contents of data transferred and their use by Facebook.
If you do not wish your data to be collected via Custom Audience, you can deactivate Custom Audience using this link.
We use Onetrust, a service provided by OneTrust LLC, Dixon House, 1 Lloyd's Avenue, London, EC3N 3DQ (“Onetrust”). We use Onetrust services to provide information about the cookies and other tracking technology used on our website and to manage user preferences on that behalf.
Onetrust places the following cookies on your computer:
OptanonAlert, OptanonConsent, _dc_gtm_UA-xxxxxxxx
This allows us to identify if the cookie banner is displayed, which choices you made and how to act upon those choices (Opt-in or Opt-out of cookie categories). These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences. To review your current settings please go to https://0-www-biomedcentral-com.brum.beds.ac.uk/cookies. These cookies do not store any personally identifiable information.
You can set your browser to block these cookies, but some parts of the site may then not perform as designed.
For more information about privacy policies and Onetrust, please refer to the Onetrust website: https://onetrust.com/privacy-notice/.
For statistical analyses we use web analytics services such as Google Analytics, collect information about the use of this site.
General tracking information
The tools collect information such as:
- Device and browser information (operating system information, Mobile device identifier, mobile operating system, etc.)
- IP address
- Page accessed, URL click stream (the chronological order of our internet sites you visited)
- Geographic location
- Time of visit
- Referring site, application, or service
We use the information we get from the providers to determine the most useful information you are looking for, and to improve and optimise this website.
If you do not express a preference regarding tracking we will track your behaviour online for the purposes described above; this data will not be shared outside of SpringerNature. You can stop this tracking here. The legal basis for this processing via Google Analytics is Art. 6 sec. 1 sent. 1 lit.f GDPR and represents our legitimate interest to analyse our website’s traffic to improve the user’s experience and to optimise the website in general.
We do not share information on your web behaviour with any 3rd party providers without your explicit consent. Consent is provided by clicking the appropriate button on the web banner that appears on your first visit to the website. You can update or withdraw your consent by visiting OneTrust. The legal basis for this processing is Art. 6 sec. 1 sent. 1 lit. a GDPR and represents you consent to accepting 3rd party targeting cookies.
Depending on the provider the information generated about your use of the website may be transferred to and processed in third countries, e.g. the United States. For further information about the potential risks of a cross border data transfer please refer to section XI. The tools collect only the IP address assigned to you on the date you visit this site, rather than your name or any other identifying information. The provider will use this information in order to evaluate your use of the website, to compile reports on website activities and to provide other services relating to website and internet use to us.
The legal basis for the data transfer is Art. 28 GDPR in conjunction with the data processing agreement.
IX. Third party content and social media plug-ins
1. Social media plug-ins
We use the following social media plug-ins: Facebook, Twitter. This allows you to communicate with such services and like or comment from our website. Social media plug-ins enable a direct communication between your device and the servers of the social media provider, allowing the social media provider to communicate with you and collect information about you browsing our website. This processing is based on Article 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to improve your website experience and to optimise our services.
Transfer of personal data takes place whether you have an account with the provider or not.
Please note that we neither have the control of the extent of personal data that is collected by the respective plug-in provider nor do we know the processing’s purpose or the period your personal data will be retained.
a) Facebook Social Plugins
We use so-called social plugins („plugins“) of the social networking site facebook.com provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins can be identified by one of Facebook’s logos (white “f” on blue tile or a “thumps-up”-sign) or by the additional text “Facebook Social Plugin”. The list of Facebook Social Plugins and their appearance can be accessed via: http://developers.facebook.com/plugins.
If a user visits one of the websites using such a plugin, the user’s browser directly connects to Facebook’s servers. The plugin and its content are made available directly on Facebook’s servers and included in the website by the user’s browser.
Due to the integration of the plugin Facebook collects the information that a user is visiting the corresponding website. If the user is logged in on Facebook at the moment he or she visits the website, Facebook may be able to connect the visit on the website to the user’s Facebook account. If the user interacts with the plugin – for example if he or she presses the like button or comments on something – the user’s browser transmits this information to Facebook. Facebook stores this information. If a user is not a member of Facebook, Facebook may collect and store the user’s IP-address. Facebook states that it only collects anonymized IP-addresses in Germany.
The reason for and scope of the data acquisition and information about the way in which the data is processed and used by Facebook, as well as the user’s rights in this respect and settings options for protecting the users privacy can be found under: http://www.facebook.com/policy.php.
If the user is a member of Facebook and does not wish Facebook to collect personal data via this homepage and to link this with his data stored on Facebook, the user needs to log off from Facebook before going to this homepage.
The user may also block Facebook’s plugins using add-ons for the user’s browser, for example the “Facebook Blocker“.
We use the twitter-button. The button is provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. (“Twitter”) The buttons are marked using the text “Twitter” or “Follow” and a stylized blue bird. The button enables the user to share an article or a website of this homepage on Twitter or to follow the provider on Twitter.
If a user visits one of the websites using such a button, the user’s browser directly connects to Twitter’s servers. The Twitter-button and its content are loaded directly from Twitter’s servers and included in the website by the user’s browser. According to the provider’s knowledge, Twitter collects the user IP-address and the website’s URL when the button is loaded from Twitter’s servers. However, this data is only be used for loading and displaying the Twitter-button.
Further information can be found in Twitter’s privacy statement under: https://twitter.com/privacy.
X. Information sharing
Where personal data is disclosed to third parties for the purposes mentioned above the legal basis for the transfer of your personal data is Article 6 sec. 1 sent. 1 lit. b and f GDPR. Some of the recipients may reside outside the EEA. For further information about cross border transfer in general and transfers outside of the EEA see section on Cross border data transfers.
We may disclose your personal data to contractors who assist us in providing the services we offer through the website. Such a transfer will be based on data processing agreements (Art. 28 GDPR). Therefore, our contractors will only use your personal data to the extent necessary to perform their functions and will be contractually bound to process your personal data only on our behalf and in compliance with our requests.
In the event that we undergo re-organisation or are sold to a third party, any personal data we hold about you may be transferred to that re-organised entity or third party in compliance with applicable law.
We may disclose your personal data if legally entitled or required to do so (for example if required by law or by a court order). The legal basis for this will be Article 6 sec. 1 sent. 1 lit. c GDPR (in conjunction with the respective national law).
1.Peer Review and Author Services
In the course of providing our peer review services, your data may be accessed by different members of the editorial team such as editors and assistant to the editorial office. To determine the locations of the Editorial board members, you may refer to a journal’s homepage. Granting access to your personal data and the respective processing activity will be based on our and the legitimate interest of the respective society publishing the Journal in successfully publishing high quality articles and papers and ensuring the quality and significance of the respective research published in our journals, products and databases, Article 6 sec. 1 sent. 1 lit. f GDPR. In order to do so we and/or the respective society may process your personal data to find, contact and evaluate suitable and qualified peer reviewers within the relevant research community.
This also includes data sharing between us and the respective society. For example, we may share reviewer and author data to publish the journal.
Please note that the society and we are independently responsible for the respective data processing conducted. We neither have the control of the extent to which personal data is processed by the respective society nor do we control the processing purpose or the period your personal data will be retained. It is also possible that the above-mentioned societies may disclose your personal data to their business partners, third parties or authorities. For further information on the data processing under the society’s control please refer to the respective society’s privacy notice.
Your personal data will be transferred to and processed inside and outside of the EEA. For further information on cross border data transfer, please refer to section on Cross border data transfers.
As an author we’ll share your personal data with third parties, like your institution or employer. This is required to manage and approve payment of associated Article Publication Charges (APCs) in order to fulfill the publication of your manuscript. The legal basis is Art. 6 (1) 1 lit. c GDPR.
Customer service, administrative, operational and systems support is provided by other entities of the Springer Nature Group and third party contractors (together “Contractors”). We may disclose your personal data to Contractors who assist us in providing the services we offer through the Submission and Peer Review System. Such a transfer will be based on data processing agreements in accordance with Article 28 of the GDPR. Therefore, our Contractors will only use your personal data to the extent necessary to perform their functions and will be contractually bound to process your personal data only on our behalf and in compliance with our requests. Further services, provided by third party technology and service providers, are similarly bound by data processing agreements.
2. Usage Reports
We may disclose anonymous aggregate statistics about users of the website in order to describe our services to prospective partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics will include no personal data. We also supply standardized usage reports to institutional customers, also known as Counter Reports. For more information on Counter Reports - https://www.projectcounter.org/code-of-practice-sections/usage-reports/
In addition to the above mentioned anonymous reports and by special arrangement:
When you read research journals and eBooks or use database products, we will process your personal data to create usage reports. For journals and eBooks this will include your full text HTML and PDF downloads, your IP address and potentially your email address. This data is necessary for the usage report as it provides information on the usage and overall interest in a particular journal or group of journals or eBooks.
The legal basis is Art. 6 (1) 1 lit. f GDPR. We have a legitimate interest to assess and evaluate the use of our content to be able to improve our services. We will retain this data securely for ongoing internal analysis and future reference.
We may share the usage data with licensee under whose license you are accessing and using our services, (e.g. your employer, the institution you are a member to, your university etc. “Licensee”). The legal basis is Art. 6 (1) 1 lit. f GDPR. The Licensee has a legitimate interest in using the usage data to assess and evaluate the economic efficiency of its license for our content. Based on this evaluation, the Licensee will be able to determine e.g. the necessity to obtain more licenses or reduce the number of licenses or to allocate costs internally. Further, the usage data may allow the Licensee to request contributions or funding. The Licensee is contractually limited to use using the usage data for no other purposes than these economic efficiency assessment purposes.
In addition, we ourselves have a legitimate interest in enabling the Licensee to use the usage data to conduct respective evaluation and assessments is also in our interest as it makes our service more attractive for the Licensees.
If the Licensee resides outside the EEA, the transfer is safeguarded by a Commission’s adequacy decision such as the Privacy Shield or EU Standard Contractual Clauses. You can find further information about the aforementioned safeguards by contacting email@example.com.
You may object to the transfer of the usage data to the Licensee at any time without reason by sending an email to firstname.lastname@example.org.
XI. Cross border data transfers
Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries (including countries outside the EEA) which may have different data protection standards from your country of residence. Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable measures to maintain an adequate level of data protection when sharing your personal data with such countries.
In the case of a transfer outside of the EEA, this transfer is either safeguarded by the Privacy Shield or EU Model Clauses in accordance with Article 46 GDPR. You can find further information about the aforementioned safeguards by following this link https://ec.europa.eu/info/law/law-topic/data-protection_en or contact our Group Data Protection Officer via email@example.com for specific information on respective safeguards.
We have reasonable state of the art security measures in place to protect against the loss, misuse and alteration of personal data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.
You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our website whilst it is in transit over the internet and any such submission is at your own risk.
XIII. Data retention
We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.
XIV. Your rights
Under the legislation applicable to you, you may be entitled to exercise some or all of the following rights:
1. require (i) information as to whether your personal data is retained and (ii) access to and/or duplicates of your personal data retained, including the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retention periods;
2. request rectification, removal or restriction of your personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn;
3. refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;
4. object, on grounds relating to your particular situation, that your personal data shall be subject to a processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your personal data or present you our compelling legitimate grounds for an ongoing processing;
5. take legal actions in relation to any potential breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators;
6. require (i) to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller; and/or
7. not to be subject to any automated decision making, including profiling (automatic decisions based on data processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on you or affects you with similar significance.
You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting us using the contact details set out below.
XV. Contacting us
The information you provide when contacting us at firstname.lastname@example.org will be processed to handle your request and will be erased when your request is completed. Alternatively, we will restrict the processing of the respective information in accordance with statutory retention requirements.
XVI. Amendments to this policy