CDRXIV Privacy Policy

Last Updated: November 15, 2024

This Privacy Policy (“Policy”) explains the information collection, use, and sharing practices of CDRXIV, a service provided by CarbonPlan (“CDRXIV,” “we,” “us,” and “our”).

This Policy is incorporated into and part of the CDRXIV Terms of Use (“Terms of Use”) located at https://cdrxiv.org/terms-of-use.

Unless otherwise noted on a particular website or service hosted by CarbonPlan, this Policy describes and governs the information collection, use, and sharing practices of CarbonPlan with respect to your use of our CDRXIV service, including the CDRXIV websites that link to this Privacy Policy https://cdrxiv.org; https://github.com/cdrxiv, (collectively, the “Websites”), and the services we provide through our Websites and/or host on our servers, including without limitation the CDRXIV preprint service (collectively, the Websites and the services available through them are referred to as the “Services”).

Please note that this policy does not apply to CarbonPlan’s website or other CarbonPlan projects. For CarbonPlan’s terms see https://carbonplan.org/terms.

Before you use or submit any information through or in connection with the Services, please carefully review this Privacy Policy. By using any part of the Services, you understand that your information will be collected, used, and disclosed as outlined in this Privacy Policy. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.

1. Our Principles

CarbonPlan has designed this policy to be consistent with the following principles:

• Privacy policies should be human readable and easy to find.

• Data collection, storage, and processing should be simplified as much as possible to enhance security, ensure consistency, and make the practices easy for users to understand.

• Data practices should meet the reasonable expectations of users.

2. Information We Collect

We collect information in multiple ways, including when you provide information directly to us; when we passively collect information from you, such as from your browser or device; and from third parties.

Information You Provide Directly to Us

We will collect any information you provide to us. We may collect information from you in a variety of ways, such as when you: (a) create an online account, (b) submit, review, or revise an article, data, or any other content, (c) apply to act as a volunteer reviewer, and when you share or discuss reviews of articles and/or data, (d) make a donation or purchase, (e) participate in our Slack channel or other discussion fora, (f) register for an event, (g) apply for a job with us, (h) contact us or provide feedback, or (i) interact with our Github repository. This information may include but is not limited to your first, middle and last names, email address, phone number, mailing address, photo, geographic location, ORCID (https://orcid.org), content, articles, data, discussions on our Slack channel, biographical information, institutional affiliation, and/or your social media handles. We may also collect additional information about you in connection with our conferences and events (e.g., dietary and other preferences), and the provision of this information to us by you is optional.

Information that Is Automatically Collected

Device/Usage Information

We, and our third party service providers, may automatically collect certain information about the computer or devices (including mobile devices or tablets) you use to access the Services. As described further below, we may collect and analyze (a) device information such as your screen size, operating system, browser type, IP address, and device location, and (b) information related to the ways in which you interact with the Services, such as referring and exit web pages and URLs, search and submission history, pages and content viewed and the order of those pages, statistical information about the use of the Services, the date and time you used the Services, the frequency of your use of the Services, error logs, and other similar information. As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.

Cookies and Other Tracking Technologies

We, and our third-party service providers, also collect data about your use of the Services through the use of Internet server logs and online tracking technologies, like cookies and/or tracking pixels. A web server log is a file where website activity is stored. A cookie is a small text file that is placed on your computer when you visit a website, and in some cases when you receive an email, that enables us and/or our service providers to: (a) recognize your computer; (b) store your preferences and settings; (c) understand the web pages of the Services you have visited and the referral sites that have led you to our Services; (d) perform searches and analytics; and (e) assist with security, authentication, and other administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, measure popularity of the Services and associated advertising, and to access user cookies.

If you receive email from us (such as our newsletter), we or our service providers may use certain analytics tools, such as clear GIFs, to capture data such as whether you open our message, click on any links or banners our email contains, or otherwise interact with what we send. This data allows us to gauge the effectiveness of our communications. As we adopt additional technologies, we may also gather additional information through other methods. Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). Please note that by blocking any or all cookies, you may not have access to certain features or offerings of the Services.

For more information about how we use cookies, please see our Cookies Notice.

Information We Collect from Third Parties

We may also collect information about you or others through third parties. For example, we may have access to server logs and information you have submitted to our services powered or hosted by third party service providers, such as Janeway, Zenodo, and Slack. To the extent permitted by law, we may also collect information from third parties, including public sources, social media platforms, and academic journals or databases. In particular, we may review your publication history, including via use of your ORCID. Depending on the source, this information collected from third parties could include name, contact information, demographic information, information about an individual’s employer, information to verify identity or trustworthiness, and information for other fraud or safety protection purposes.

Information That Third Parties Collect In Connection With The Services

Our third party service and hosting providers may collect information about you or others through or in connection with your use of the Services. For example, if you use our Slack channels, then you will need a Slack account, and Slack will collect information about your usage consistent with its privacy policy (https://slack.com/trust/privacy/privacy-policy). Our publishing platform is powered by Janeway (https://janeway.systems), which hosts our preprint repository and powers the submission review process.

In addition, Janeway submits requests for DOI minting to Crossref (https://www.crossref.org/operations-and-sustainability/privacy/) and/or DataCite (https://datacite.org/privacy-policy), by submitting your ORCID to them, along with metadata about your article such as the article title, first, middle and last names of the authors, author affiliations, abstract, and other relevant information. The DOI assigned by Crossref and/or DataCite, along with the associated metadata, is then linked to the authors’ ORCID records, making it publicly accessible.

Articles may be stored in third-party databases such as Digital Ocean (https://www.digitalocean.com/) or Amazon S3 (https://aws.amazon.com/s3). All data submissions are published in the CDRXIV community on Zenodo, and are subject to Zenodo’s privacy policy (https://about.zenodo.org/privacy-policy/). We may use services such as Intuit’s Mailchimp (https://www.intuit.com/privacy/statement/; https://mailchimp.com/legal/terms/) to manage our email communications. We may use a CAPTCHA service to confirm that you are human, such as hCaptcha (https://www.hcaptcha.com/privacy), or Google reCAPTCHA (https://policies.google.com/privacy; https://policies.google.com/terms).

In addition, we may use third-party web analytics services, such as Plausible (https://plausible.io/privacy), to collect and analyze the information discussed above, and to engage in auditing, research, or reporting. The information (including your IP address) collected by various analytics technologies described in the “Cookies and Other Tracking Technologies” section above will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services, including by noting the third-party website from which you arrive to our Site, analyzing usage trends, assisting with fraud prevention, and providing certain features to you.

3. How We Use Your Information

We may use the information we collect from and about you to:

• Fulfill the purposes for which you provided it;

• Assign a DOI, catalog, and process your submissions. To obtain a DOI, our preprint service provider Janeway submits your ORCID (https://info.orcid.org/privacy-policy), along with metadata about your article such as the article title, first, middle and last names of the authors, author affiliations, abstract, and other relevant information, to a service such as Crossref (https://www.crossref.org/operations-and-sustainability/privacy/) and/or DataCite (https://datacite.org/privacy-policy), which assigns a Digital Object Identifier (DOI) to the submission. The assigned DOI, along with the associated metadata, is linked to the authors’ ORCID records, making it publicly available.

• Publish your submissions and their corresponding metadata.

• Enable review of your submissions (including articles, data, and other content) by us and/or our team of volunteer reviewers;

• Provide and improve the Services, including to develop new features or services, promote community collaboration, take steps to secure the Services, and for technical and customer support;

• Host in-person or virtual events, programs, and discussions;

• Send you information about your relationship or transactions with us, account alerts, or other communications, such as newsletters to which you have subscribed;

• Process and respond to your inquiries or to request your feedback;

• Conduct analytics, research, and reporting, including to synthesize and derive insights from your use of our Services;

• Evaluate job candidates during our hiring process;

• Comply with the law and protect the safety, rights, property, or security of CarbonPlan, the Services, our users, and the general public; and

• Enforce our Terms of Use, including to investigate potential violations thereof.

Please note that we may combine information that we collect from you and about you (including automatically collected information) with information we obtain about you from our affiliates and/or non-affiliated third parties, and use such combined information in accordance with this Privacy Policy.

We may aggregate and/or de-identify information collected through the Services. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes.

4. When We Disclose Your Information

We may disclose and/or share your information under the following circumstances:

Service Providers.

We may disclose your information to third parties who perform services on our behalf, including without limitation technology/hosting, DOI issuance, volunteer submission reviewers, event management, candidate selection, marketing, customer support, data storage, data analysis and processing, and legal services.

For example, as discussed in more detail above, our preprint service is powered by Janeway, who hosts and manages, among other content, user-submitted articles, including user data; we provide article metadata (including author names and affiliations) to Janeway, who provides it to Crossref and/or Datacite, for the purpose of issuing DOIs; user-submitted data is hosted on Zenodo; we have volunteer reviewers who review and discuss submissions, including via Slack; and we use services such as MailChimp for email communications. We publish your accepted submissions and data, thereby sharing them with the public.

Similarly, when you register for an event, we may share your information with vendors, third party contractors, partner organizations, and volunteers for the purpose of organizing and running the event and related activities.

Legal Compliance and Protection of CarbonPlan and Others.

We may disclose your information if required to do so by law or on a good faith belief that such disclosure is permitted by this Privacy Policy or reasonably necessary or appropriate for any of the following reasons: (a) to comply with legal process; (b) to enforce or apply our Terms of Use and this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) to respond to your requests for customer service; and/or (d) to protect the rights, property, or personal safety of CarbonPlan, our agents and affiliates, our users, and the public. This includes exchanging information with other companies and organizations for fraud protection, and spam/malware prevention, and similar purposes.

Organizational Transfers.

As we continue to develop our Services, we may engage in certain transactions, such as the transfer or sale of our assets. In such transactions, (including in contemplation of such transactions, e.g., due diligence) your information may be disclosed. If any of CarbonPlan’s assets are sold or transferred to a third party, customer information (including your email address, Your Content, including data and articles) would likely be one of the transferred assets.

Affiliated Companies.

We may disclose your information with current or future affiliated companies.

Consent.

We may disclose your information to any third parties based on your consent to do so.

Aggregate/De-identified Information.

We may disclose de-identified and/or aggregated data for any purpose to third parties, including promotional partners, and/or others, including the public generally.

Volunteer reviewers.

If you apply to be a volunteer reviewer, we will share your first, middle and last name, institutional affiliation, Slack username, and email address with those who participate in the volunteer selection process, and we will publicly post a list of our volunteer reviewers’ first, middle and last names and institutional affiliations. You will participate in discussions concerning submissions with other reviewers, and your reviews will be available to CarbonPlan and, in cases where additional review support is needed, to other volunteer reviewers.

5. Legal Basis for Processing Personal Data

The laws in some jurisdictions (including the EU and UK GDPR) require companies to tell you about the legal ground they rely on to use or disclose information that can be directly linked to or used to identify you. To the extent those laws apply, our legal grounds for processing such information are as follows:

• To Honor Our Contractual Commitments to You. Much of our processing of information is to meet our contractual obligations to provide services to our users.

• Legitimate Interests. In many cases, we handle information on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals, these include:

  • Customer service

  • Marketing and fundraising

  • Protecting our users, personnel, and property

  • Managing user accounts

  • Organizing and running events and programs

  • Analyzing and improving our business

  • Managing legal issues

We may also process information for the same legitimate interests of our users and business partners.

• Legal Compliance. We may need to use and disclose information in certain ways to comply with our legal obligations.

• Consent. Where required by law, and in some other cases where legally permissible, we handle information on the basis of consent. Where we handle your information on the basis of consent, you have the right to withdraw your consent; in accordance with applicable law.

6. Your Choices and Data Subject Rights

You have various rights with respect to the collection and use of your information through the Services.  Those choices are as follows:

• Email Unsubscribe – You may unsubscribe from our marketing emails at any time by clicking on the “unsubscribe” link at the bottom of each newsletter or by emailing support@cdrxiv.org with your request.

• We do not control third parties' collection or use of your information to, for example, serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. Please review their privacy policies for more information. In addition, you can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website at https://thenai.org/opt-out, and from the Digital Advertising Alliance (“DAA”) at https://optout.aboutads.info.

• EU Data Subject Rights – Individuals in the European Economic Area (“EEA”) and other jurisdictions, including the UK, have certain legal rights (subject to applicable exceptions and limitations) to obtain confirmation of whether we hold certain information about them, to access such information, and to obtain its correction or deletion in appropriate circumstances. You may have the right to object to our handling of your information, restrict our processing of your information, and to withdraw any consent you have provided. To exercise these rights, please email us at support@cdrxiv.org with the nature of your request. You also have the right to go directly to the relevant supervisory or legal authority, but we encourage you to contact us so that we may resolve your concerns directly as best and as promptly as we can.

7. International Transfers

CDRXIV is based in the United States. As described above in the “When We Disclose Your Information” section, we may share your information with trusted service providers or business partners in countries other than your country of residence, including the United States, in accordance with applicable law. This means that some of your information may be processed in the United States, which may not offer the same level of protection as the privacy laws of your jurisdiction. By providing us with your information, you acknowledge any such transfer, storage or use.

If we provide any information about you to any third parties or information processors located outside of the EEA or UK, we will take appropriate measures to ensure such companies protect your information adequately in accordance with this Privacy Policy and other data protection laws to govern the transfers of such data.

8. Security Measures

We have implemented technical, physical, and organizational security measures to protect against the loss, misuse, and/or alteration of your information. These safeguards vary based on the sensitivity of the information that we collect and store. However, we cannot and do not guarantee that these measures will prevent every unauthorized attempt to access, use, or disclose your information since despite our efforts, no Internet and/or other electronic transmissions can be completely secure.

9. Children

The Services are intended for users over the age of 18 and are not directed at children under the age of 13. If we become aware that we have collected personal information (as defined by the Children’s Online Privacy Protection Act) from children under the age of 13, or personal data (as defined by the EU GDPR) from children under the age of 16, we will take reasonable steps to delete it as soon as practicable.

10. Data Retention

We retain the information we collect for as long as necessary to fulfill the purposes set forth in this Privacy Policy or as long as we are legally required or permitted to do so. Information may persist in copies made for backup and business continuity purposes for additional time.

11. Third-Party Links and Services

The Services may contain links to third-party websites and/or services. If you choose to use these sites or features, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. CDRXIV is not responsible for the content or privacy practices of such third party websites or services. The collection, use and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not this Privacy Policy. We encourage you to read the privacy statements of each and every site you visit.

12. Changes to this Privacy Policy

We will continue to evaluate this Privacy Policy as we update and expand our Services, and we may make changes to the Privacy Policy accordingly. We will post any changes here and revise the date last updated above. We encourage you to check this page periodically for updates to stay informed on how we collect, use and share your information. If we make material changes to this Privacy Policy, we will provide you with notice as required by law.

13. Questions About this Privacy Policy

If you have any questions about this Privacy Policy or our privacy practices, you can contact us at: support@cdrxiv.org.