Privacy Notice
Your privacy is important to the Open Research Community. This privacy notice provides information about the personal information that the Open Research Community collects, and the ways in which the Open Research Community uses that personal information.
The Open Research Community website is hosted by Zapnito (https://zapnito.com). In accordance with the article 26 of the General Data Protection Regulation (GDPR), Zapnito is responsible for the data protection compliance of the community. The privacy policy of Zapnito can be found at the following link: https://zapnito.com/privacy/.
If you have questions or concerns about data protection or privacy issues related to the hosting platform of the Open Research Community, please contact Zapnito via this e-mail: contact@zapnito.com.
Personal information collection
The Open Research Community may collect and use the following kinds of personal information:
- information about your use of this website (including what pages you visit and time and date of your visit);
- information that you provide using for the purpose of registering with the website (including your name, email address, job title, company name and country);
- information about transactions carried out over this website (including your comments and messages); and
- any other information that you send to the Open Research Community.
Using personal information
The Open Research Community may use your personal information to:
- administer this website;
- personalise the website for you;
- enable your access to and use of the website services;
- publish information about you on the website;
- send to you products that you purchase;
- supply to you services that you purchase;
- send to you statements and invoices;
- collect payments from you; and
- send you marketing communications.
Where the Open Research Community discloses your personal information to its agents or subcontractors for these purposes, the agent or sub-contractor in question will be obligated to use that personal information in accordance with the terms of this privacy notice.
In addition to the disclosures reasonably necessary for the purposes identified elsewhere above, the Open Research Community may disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.
Data processing activities
The following summary offers an overview of the data processing activities that are undertaken on our website:
- When you visit our website for informational reasons without setting up an account, only limited personal data will be processed to provide you with the website itself;
- If you register, further personal data will be processed in the scope of such services;
- If you are identified as belonging to a customer organization then we collect information in order to be able to provide usage reporting to that customer;
- Your personal data may be used to provide you with relevant advertising and for statistical analysis that helps us to improve our website;
- Your personal data may be disclosed to third parties that might be located outside your country of residence, to which potentially different data protection standards may apply;
- We have implemented appropriate safeguards to secure your personal data and retain your personal data only as long as necessary;
- Under the legislation applicable to you, you may be entitled to exercise certain rights with regard to the processing of your personal data.
Definitions
The data protection declaration of the Open Research Community is based on the terms used by the European legislator for the adoption of the GDPR. Our data protection declaration should be legible and understandable for the general public. To ensure this, we would like to first explain the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
- a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
- c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
- e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
- f) Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- h) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- i) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
- j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- k) Consent
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Cookies
The Internet pages of the Open Research Community use cookies. Cookies are text files that are stored in a computer system via an Internet browser.
Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.
Through the use of cookies, the Open Research Community can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.
By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user's computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
Collection of general data and information
The website of the Open Research Community collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, the Open Research Community does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the Open Research Community analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
Informational use of the website
The personal data automatically collected is necessary for us to provide the website, Article 6 sec. 1 sent. 1 lit. b GDPR, and for our legitimate interest to guarantee the website’s stability and security, Article 6 sec. 1 sent. 1 lit. f GDPR.
Registration for our services
Access to registrant/subscription content is provided via a variety of mechanisms such as IP site licenses, login via third party federated identity providers or by a personal account with us.
We may use the personal data and contact data you provide by registration to inform you directly about additional products and services.
For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR. The use of your personal data for behavioral advertising and profiling is done for the legitimate interest to improve your experience while using the website, Article 6 sec. 1 sent. 1 lit. f GDPR.
We offer email notifications if you register. Registration is provided by means of a double-opt-in. Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to register. You can unsubscribe from our email notifications by opting out via the link provided in each notification email. This notification service is based on your consent, Article 6 sec. 1 sent. 1 lit. a GDPR.
Registration data is kept until such time as an account deletion request is made. If such a request is received, we will erase your data within 30 days. Statutory storage obligations or the need for legal actions that may arise from misconduct within the services or payment problems can lead to a longer retention of your personal data. In this case, we will inform you accordingly.
Specific uses that require registration
- Commenting
You can publicly comment on our website. When posting a comment your name or user name will be made public. To be able to comment on our website you will have to register.
When you post a comment we will retain some of your personal data such as your IP address and name and other metadata such as time of posting. This is necessary to defend ourselves from possible liability claims that may arise from unlawful comments posted by you and reflects our legitimate interest with regard to the legal justification of this processing activity in Article 6 sec. 1 sent. 1 lit. f GDPR.
We reserve the right to delete comments that are off-topic, spam, abusive, use excessive foul language, include ad hominem attacks or offend against legal regulations.
- Email notifications
If you register you can receive our email notifications. The legal basis for this processing is Article 6 sec. 1 sent. 1 lit. a GDPR.
Registration is provided by means of a double-opt-in. Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to register.
You can unsubscribe from our email notifications by opting out via the link provided in each notification email.
Automated decision making
We do not use your personal data for automated decision making which produces legal effects concerning you or significantly affects you. However, we may use your personal data to offer you content and services which we believe may be of interest.
Analytics
For statistical analyses we use web analytics services to collect information about the use of this site.
Depending on the provider the information generated about your use of the website may be transferred to and processed in third countries, e.g. the United States. The tools collect only the IP address assigned to you on the date you visit this site, rather than your name or any other identifying information. The provider will use this information in order to evaluate your use of the website, to compile reports on website activities and to provide other services relating to website and internet use to us.
The legal basis for this processing is Art. 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to analyze our website’s traffic to improve the user’s experience and to optimize the website in general.
Information sharing
Where personal data is disclosed to the following third parties for the purposes mentioned above the legal basis for the transfer of your personal data is Article 6 sec. 1 sent. 1 lit. b and f GDPR. Some of the recipients may reside outside the EEA.
We may disclose anonymous aggregate statistics about users of the website in order to describe our services to prospective partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics will include no personal data.
We may disclose your personal data to contractors who assist us in providing the services we offer through the website. Such a transfer will be based on data processing agreements. Therefore, our contractors will only use your personal data to the extent necessary to perform their functions and will be contractually bound to process your personal data only on our behalf and in compliance with our requests.
In the event that we undergo re-organization or are sold to a third party, any personal data we hold about you may be transferred to that re-organized entity or third party in compliance with applicable law. We may disclose your personal data if legally entitled or required to do so, for instance, if required by law or by a court order.
Cross border data transfers
Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries, including countries outside the European Economic Area (EEA), which may have different data protection standards from your country of residence. Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavor to take reasonable measures to maintain an adequate level of data protection when sharing your personal data with such countries.
In the case of a transfer outside of the EEA, this transfer is safeguarded by privacy the Privacy Shield and EU Model Clauses. You can find further information about the aforementioned safeguards by following this link https://ec.europa.eu/info/law/law-topic/data-protection_en.
Information that the Open Research Community collects may be stored and processed in and transferred between any of the countries in which the Open Research Community operates to enable the use of the information in accordance with this privacy notice.
In addition, personal information that you submit for publication on the website will be published on the internet and may be available around the world.
You agree to such cross-border transfers of personal information.
Securing your data
The Open Research Community will take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal information.
The Open Research Community will store all the personal information you provide on its secure servers.
Information relating to electronic transactions entered into via this website will be protected by encryption technology.
Data retention
We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.
Links to third party websites
This website may contain links to other websites.
The Open Research Community is not responsible for the content, data collection, privacy policies or practices of any third party and its websites.
Please check the privacy policy of respective websites for information of respective websites’ data processing activities.
Data subject rights
Under the legislation applicable to data subjects, data subjects may be entitled to exercise some or all of the following rights:
- require (i) information as to whether personal data is retained and (ii) access to and/or duplicates of personal data retained, including the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retention periods;
- request rectification, removal or restriction of personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn;
- refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw consent to processing of personal data at any time;
- object, on grounds relating to particular situation, that personal data shall be subject to a processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented, we will either stop processing personal data or present our compelling legitimate grounds for an ongoing processing;
- take legal actions in relation to any potential breach of rights regarding the processing of personal data, as well as to lodge complaints before the competent data protection regulators;
- require (i) to receive the personal data, which have been provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from our side; where technically feasible data subjects shall have the right to have the personal data transmitted directly from us to another controller; and/or
- not to be subject to any automated decision making, including profiling (automatic decisions based on data processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on data subjects or affects data subjects with similar significance.
Data subjects may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting us using the contact details set out below.
Updating this statement
The Open Research Community may update this privacy notice by posting a new version on this website.
You should check this page occasionally to ensure you are familiar with any changes.
Contact the Open Research Community
If you have any questions about this privacy policy or the Open Research Community's treatment of your personal information, please write:
- by email to info@openresearch.community; or
- by post to Knowledge Unlatched, A Wiley brand, Wiley-VCH GmbH – A company of John Wiley & Sons, Inc., Rotherstraße 21, D-10245 Berlin, Germany.
Date of version
February 9, 2022.