Privacy Policy

ReadCube's Privacy Notice

This Notice applies to the websites at www.readcube.com, www.papersapp.com, www.papers.ai and related services (“ReadCube”).

ReadCube is operated by Digital Science & Research Solutions Inc., a Delaware corporation with offices at 625 Massachusetts Ave, Cambridge, MA 02139, USA (“Digital Science” or “we”). We respect your concerns about privacy and value our relationship with you. This Notice explains what personal data we collect, how we may use and manage it and the rights you may have in relation to such personal data. When we refer to “personal data” in this Notice, we mean information relating to an identified or identifiable individual that we collect and use in connection with ReadCube; not aggregate or other anonymized data or information we process on behalf of our customers.

How do we collect and use personal data?

We collect personal data in the following ways:

  • information you provide to us directly online. For example, when you register to use ReadCube, complete one of our web forms, subscribe to updates or make a support request, we collect the personal data you provide, like your name, email address and other basic contact details / professional information. We will use this information to enable you to access and use ReadCube or fulfill the request you’ve made. More occasional examples could include where you respond to a survey or enter into a competition.
  • information we collect from your use of ReadCube. When you use ReadCube, we may collect information about that usage and other technical information, such as your IP address, browser type and any referring website addresses. For example, we collect IP addresses from all our users of ReadCube Papers to help determine your eligibility to access certain content. We may combine this automatically collected log information with other information we collect about you and use it to keep a record of our interaction and to enable us to support, personalize and improve ReadCube. We may - also collect this type of information using cookies and other similar technologies – please see our cookie policy for further details.
  • information you provide to us in person. For example, when you visit one of our exhibition booths or attend one of our events, you may provide us with your contact details. We will use this information to answer your enquiries or provide other information requested by you.
  • information we collect from our other interactions / business dealings. For example, if you attend a webinar, contact us via social media or otherwise interact with our business, including as a representative of a current / prospective customer, supplier or business partner, we may track and make a record of those interactions, which may contain personal data. If you visit one of our offices, this may be captured on CCTV and used for security reasons; and photographs / videos may be taken at our events and used for promotional purposes, details of which will be available on request at the relevant site.
  • Information we collect from third parties or publicly available sources. If you are a member of the research community, we may collect publicly-available information about you and the research you’ve been involved in and content you’ve authored. Such information may be found in: primary research-related content, such as journal articles; freely-accessible on-line resources; or third party data sources, such as Crossref. We use this information in ReadCube to improve the reach, discoverability and understanding of research content. We may also collect information you post online (e.g. social media) about us, our products/services and/or our industry, for market research and product improvement purposes.
  • information provided to us by other ReadCube users. We may receive personal data (for example, your email address) from other ReadCube users, for example if they have tried to share something with you, invited you to join a library or tried to refer ReadCube to you.
    In all the above cases, where we have a relationship with you, we may also use the personal data we collect to manage and keep a record of that relationship and other business administration purposes you’d reasonably expect and, subject always to your preferences, to provide information we think may be of interest to you.

In many of the above cases, we may also use the information collected to create aggregate or other non-personal data to enable us to benchmark and improve ReadCube and for other analytical / research purposes.

Unless we specifically request it, you should not provide us with any sensitive personal information. If you provide personal data to us about someone else (such as one of your colleagues), please ensure that you have their permission to do so and that they’re aware of the contents of this Notice.

The legal basis for Digital Science’s use of your personal data

In order to comply with European data privacy laws, we are required to set out the legal bases for our use of your personal data, which are as follows:

  • where you have given us your explicit consent, which you can withdraw at any time. For example, we rely on your consent to fulfill specific requests you’ve made, such as to receive our email updates, or provide information you’ve opted-in to receive;
  • where the processing is necessary for the performance of our contract with you, or to enter into such a contract. For example, if you register to use ReadCube, we will need to use your details to set-up and administer your account;
  • where the processing is necessary to comply with our legal obligations; or
  • the processing is in our legitimate interests, provided these are not overridden by your individual rights. For example, we rely on our legitimate interests:
    • to collect personal data from research-related content, such as journal articles, and to make that information available via ReadCube. By increasing its reach and discoverability, amongst other things, we believe this adds value to the research community.
    • to contact you when you’ve not previously given us your consent to do so, such as to tell you about things that we think might be of interest to you, or to ask for your feedback or opinion on us or our products/services.
    • to collect publicly available information, such as posts on social media, for market research and product improvement purposes.
    • to use CCTV on our premises for security reasons.
    • to create aggregated or other non-personal data from your personal data.

Who we share your personal data with

We may share your personal data within the Digital Science group on a confidential basis for our internal administrative, billing and other business purposes, and to fulfill a request that you might have made. We do not generally disclose or share personal data with third parties, except where it’s necessary for legitimate business reasons, such as:

  • to the agents, advisers and service providers that assist us in running / we use to administer our business;
  • to the subcontractors and service providers* we use to provide and support ReadCube, for example, providers of hosting, security and infrastructure and customer support platforms;
  • if you express interest in an initiative we’re involved in, to other participants in such initiative;
  • if ReadCube is accessed via, or otherwise integrated with, other Digital Science products, or if required to enable the integration or use of third party resources accessed / used on ReadCube;
  • if part of our business is sold to or integrated with another business, to our advisers and any prospective purchasers (and their advisers);
  • in such circumstances for which you have given your consent;
  • if necessary for the performance of the contract we have with you or in order to enforce any claims we are entitled to;
  • if required by law or ordered by a court;
  • details of purchase, access or sharing activity related to Published Content, to the relevant Content Provider;
  • in the case of usage information relating to your access of a version of ReadCube that is paid for by someone else, to the paying organization;
  • in the case of already publicly available research-related information, to users of ReadCube;
  • if you register for a webinar or other event, to other attendees and co-organizers of that event.

*We include appropriate confidentiality and security obligations in our contracts with our service providers and only permit them to process your personal data for specified purposes and in accordance with our instructions (not for their own purposes). Such service providers include: Netsuite, Inc. for billing (USA), Salesforce.com, LLC for customer relationship management (USA), Qualtrics LLC (USA) for product feedback and Google LLC for business operations (USA), and may also include the ReadCube Subprocessors listed here.

Note, where you are using ReadCube pursuant to an organization’s subscription, that organization may have certain admin rights over your account, including access to the contents of your ReadCube Papers library and the ability to track your usage; and we will act in accordance with any instructions they may give in respect of such information (if any) they may provide to us about you or which we may collect on their behalf (whose policies - not this policy - will govern how the personal data we process on their behalf is used).

Security and storage

We take appropriate technical and organizational security measures to protect personal data from accidental or unlawful destruction, accidental loss and unauthorized access, destruction, misuse, modification or disclosure, including generally accepted standards designed to protect personal data provided to us, both during transmission and once it is received.

We only keep your personal data for as long as it is necessary for the purposes for which it was collected, after which it will be destroyed, erased or anonymized.

International transfers

Digital Science’s primary business operations, and much of the ReadCube infrastructure, is based in the United States (“USA”). This means that in order to run our business and operate ReadCube, personal data may be transferred to the USA, as well as to other locations where our affiliates and service providers are based. Whenever we make such transfers, we will ensure an appropriate level of protection is afforded to your personal data, which in the case of personal data originating from the UK or the European Economic Area (EEA) shall involve implementing at least one of the following safeguards:

  • making sure the destination country has been deemed to provide an adequate level of protection for personal data;
  • by using model form contracts that have been officially declared to afford your personal data an appropriate protection;
  • relying on an alternative recognized compliance standard for the lawful transfer of personal data.

Please email us at support@readcube.com if you would like more information about these safeguards.

Marketing

Depending on your preferences, we may contact you about things we think might be of interest to you. Some of these messages may be tailored to you, based on your interests (e.g. previous browsing activity), public profile and posts (e.g. on social media), use of our products/services, and other information we may hold.

If you no longer wish to receive such communications, you can click the unsubscribe button. Note, even if you unsubscribe from marketing messages, we may still send you emails about the services you use, such as details of new functionality / changes to legal terms of use.

Cookies

Please see our cookie policy for information on how we collect personal data using cookies and similar technologies on readcube.com, papersapp.com or papers.ai domains. In some cases, ReadCube services may be provided via other domains, in which case, please refer to the cookie policy displayed on the corresponding site.

Your rights

Various data privacy laws give rights to individuals in respect of personal data that organizations hold about them. For example, under European data privacy laws, you may be entitled:

  • to request a copy of the personal data that we hold about you;
  • to object to the processing of your personal data; or
  • to request that you personal data is rectified or deleted, or its processing limited.

To make any requests regarding your personal data, please email us at support@readcube.com. We will comply with any such requests as required in accordance with applicable law. Please be aware, however, that there are typically a number of limitations to these rights, and there may be circumstances where we’re not able to comply with your request.

Additional information for certain jurisdictions

For additional information relevant to certain jurisdictions about the personal data we collect, how we may use and manage it and the rights you may have in relation to such personal data, please visit this page.

Third party sites

If any part of ReadCube is made available on or through other Digital Science or third party websites or other resources, includes links to such resources, or other resources contain links to any part of ReadCube, this is done for convenience only. We recommend that you check the privacy and security policies of such resources as they are not subject to this Notice.

Contact details

If you would like any further information, or have any questions or concerns, regarding your personal data, as a first step, please email us at support@readcube.com or write to us at:

  • If you’re based in Europe: 4 Crinan Street, London N1 9XW, UK
  • If you’re based outside of Europe: 625 Massachusetts Ave, Cambridge, MA 02139, USA

You have the right to make a complaint at any time to your local supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns in the first instance.

EU-US Data Privacy Framework Notice

This Notice applies to personal data transferred to us, in the United States, from the European Economic Area and the United Kingdom, where transferred in reliance on the EU-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework (which is referred to in this Notice as EU Personal Data). To the extent there is any conflict between the EU-US Data Privacy Framework Principles (“DPF Principles”) and this Notice, the DPF Principles will prevail in respect of EU Personal Data.

Commitment to the EU-US Data Privacy Framework Principles

  • Digital Science & Research Solutions Inc. participates in the EU-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework and has certified to the U.S. Department of Commerce its compliance with the DPF Principles regarding the processing of EU Personal Data. We are responsible for the processing of EU and UK Personal Data, and remain liable for its onward transfer to third parties acting as agents on our behalf, in accordance with the DPF Principles.
  • For purposes of enforcing compliance with the EU-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework, we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
  • To learn more about the EU-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Disclosure for national security or law enforcement

  • We may be required to share your personal data with public authorities and law enforcement agencies in response to lawful requests, including requests to meet national security and law enforcement requirements.

Resolution of EU-US Data Privacy Framework queries and complaint mechanism

  • If you have an EU-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework-related (or general privacy-related) query or complaint, we encourage you to contact us (see contact details above) as a first step. Any unresolved complaints may be referred to our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. You may also contact your local supervisory authority within the European Economic Area or the United Kingdom.
  • Under certain conditions, more fully described in Annex I of the DPF Principles, you may invoke binding arbitration by delivering notice to us and following the procedures and subject to conditions set out in Annex I of the DPF Principles.

Changes to this Notice

We reserve the right to modify or replace this Notice at any time by posting the revised Notice on our website. You are responsible for reviewing any such change each time you access any part of ReadCube.

Last Updated: September 25, 2024