Latest update: September 2023
Under applicable laws, we act as a data processor for the information stored by research organizations and academic institutions (our “Clients”) in our Software or made available in a User Profile. As such, we do not choose or control what information they input into it, and any requests concerning any information which could be in our Software or via User Profiles should be directed to our Clients directly. We act as a data controller for information processed in any other context.
What information do we collect and why?
We collect your information in a number of ways and for a number of different purposes, depending on their different categories. Please see the table below for more details.
Depending on the jurisdiction you are in, we may use different legal bases to process your information. In Canada, we rely on your consent. If you are in the European Union, we rely on different legal bases to justify our processing of your information, such as consent, the performance of a contract and our legitimate interests. These legal bases may not be valid under all jurisdictions and are indicative. Each time consent is the legal basis, you can withdraw your consent at any time.
We also use your information to provide and personalize our Services, including with the help of automated systems and inferences that we make directly or using third–party services (such as Algolia’s products), so that our Services can be more relevant and useful to you and others.
Please note that we may also collect and use your information for any other purpose permitted or required by law.
We take steps to ensure that only those employees who need access to your information to perform their duties have access to it.
How do we share your information?
We share your information with third parties where necessary to fulfill the purposes identified above, including as set forth in the table below:
How do we transfer your information?
We use third–party service providers to host research data in the country/territory chosen by our Clients. However, our service providers may process your information internationally, including in the United States, depending on where they are located. While such information is outside of your country/territory of residence, it is subject to the laws of the country/territory in which it is located, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country/territory, pursuant to the laws of such country/territory.
If you would like more information about how we transfer your information, please contact us as set forth in the section below “How to contact us?”
How do we secure and keep your information?
We use technical and organizational measures to keep your information safe, including using servers that are ISO/IEC 27001:2013 certified to host our Services. We offer our Clients the option to use double authentication to access their accounts. However, securing your information takes teamwork. You also need to do your part, such as by keeping your credentials to access the Software confidential and using secure networks.
We retain research data and User Profile information for as long as our Clients keep this data in the Software. Any other data that we may collect for our own purposes, such as electronic data collected through cookies, or information your communications with us is retained for as long as necessary to provide you with the Services, to perform our marketing campaigns effectively or as required by applicable laws, whichever is longer.
What are your rights regarding your information?
Under certain circumstances and subject to applicable data protection laws, supported by a written request and proof of identification, you may consult the personal information that we have collected, used or shared, and/or ask that it be corrected, and/or withdraw your consent to our disclosure or use of personal information collected.
As required or permitted by law, you may be entitled to additional rights, including: (i) the right to control the dissemination of your personal information; (ii) the right to receive computerized personal information collected from you in a structured, commonly used and technological format and to have this information transferred directly to another organization; (iii) the right to be informed of and submit observations regarding automated decision-making; and (iv) the right to request information about data processing. In the European Union and in the United Kingdom, you may also benefit from these additional rights: (i) the right to revoke your consent when our processing is based on consent; (ii) the right to object to the processing of your personal information; (iii) the right to restrict the processing of your personal information; (iv) the right to data portability, which means that your personal information is provided to you or a third party in normal format to allow you to re-use them, including with another provider; and (iv) the right to have automated decisions being reviewed by a human in some cases, and some rights over profiling.
Finally, you also have a right to lodge a complaint with a competent data protection authority, in particular in the country/territory where you normally reside, where we are based or where an alleged infringement of data protection law has taken place, such as the Office of the Privacy Commissioner of Canada or the Commission d’accès à l’information du Québec.
To exercise any of these rights, please contact us as set forth in the section below “How to contact us?”
How to contact us?