Privacy Policy

This policy was last updated on 15/04/2020.

This is Springer Nature`s privacy policy (hereafter referred to as “policy”) for the Submission to
publication workflow system.

Certain personal data as described in this policy is gathered through the use of the Submission to
publication workflow system and controlled by the Springer Nature Group
(http://group.springernature.com/gp/group) publishing legal entity of the journal (hereafter referred to
as “Publisher” or “we”) to which you submit.

The details of the respective Publisher, acting as the data controller, can be discerned at the website for
the journal at which you are submitting, reviewing or editing.

We will only use the personal data gathered during the Submission to publication workflow systems as
set out in this policy. Below you will find information on how we use your personal data, for which
purposes your personal data is used, with whom it is shared, and what control and information rights
you may have.

I. Summary of our processing activities

We publish scholarly journals, books, news and data. Some of this material is openly available, some of it
is only available to subscribers. The following summary offers a brief overview of the data processing
activities that are undertaken on the Submission to publication systems. You will find more detailed
information under the indicated sections below.

In case of registration for one our services, personal data will be processed in the scope of such services
(see III).

 Your personal data will be used for statistical analysis that helps us to improve our services (see
III).
 We will use your personal data and contact details to tell you about other publishing
opportunities in your interest. You can opt out of these communications at any time (see III)
 Some of your personal data may be processed in the course of implementing a peer review
procedure (see III).
 Your personal data may be disclosed to third parties (see V) that might be located outside your
country of residence; potentially, different data protection standards may apply (see VI).
 We have implemented appropriate safeguards to secure your personal data (see VII) and retain
your personal data only as long as necessary (see VIII).
 Under the legislation applicable to you, you may be entitled to exercise certain rights with
regard to the processing of your personal data (see IX).
II. Definitions

 Personal data: means any information relating to a natural person who can be identified,
directly or indirectly, in particular by reference to an identifier such as a name, an identification
number, location data, or an online identifier.
 Processing: means any operation that is performed on personal data, such as collection,
recording, organisation, structuring, cataloguing, storage, adaptation or any kind of disclosure or
other use.

III. Information we collect and how we use it

Our Submission to publication workflow systems include the following services: peer review; content
preparation and proofing; publication; and distribution of published material. In order to use the
aforementioned services you have to set up an initial account. Where optional paid services may be
engaged, you will be prompted to set up an additional, or enhance an existing account.

With regard to the registration of an account and its subsequent use, we process the following
information:

 Information that is provided during registration such as your name, user name, ORCID ID (if
applicable) and email;
 Information in connection with an account sign-in facility, e.g. log-in and password details;
 Communications sent by you, e.g. via email or website communication forms
 Content files and covering letters provided by you;
 Grants, funding, membership, institution, society, committee registration
 Billing or invoicing information;
 Information received from societies we work with, e.g. address, name, email;
 Your publication record based on publicly available data.

The information that is necessary for the performance of the service is labelled accordingly.

We will process the personal data you provide in order to:

 Identify you at sign-in;

 Administer your account;
 Provide you with the services and information offered through the Submission to publication
workflow systems or that which you additionally request;
 Communicate with you;
 Provide information to you as an Author about other publishing opportunities, with the Springer
Nature group, you can stop these communications at any time by clicking the link in each email
or contacting customer services;
 Communicate with you in your capacity as a current or potential Peer Reviewer, Editorial Board
Member, or external Editor to provide information about the journal (s) and content you have
worked on; you can stop these communications to you as a Peer Reviewer, Editorial Board
Member, or external Editor at any time by clicking the link in each email or contacting customer
services. Stopping these communications will not affect your status as Peer Reviewer, Editorial
Board Member or external Editor with respect to the journal.
  Process payments;
 To ensure the accuracy of content attribution and the quality and integrity of the peer review
process;
 Provide you with optional e-TOC alerts and/or citation alerts;
 Transfer your submission to an alternative Springer Nature title if applicable;
 Offer assistance to deposit your data (if applicable);
 Create a profile of your publication record based on publicly available data, such as published
books and articles, citations and grants awarded. This information will not be used to determine
article acceptance, nor will it be used for automated decision making. This information will be
used to personalise communications and provide you with latest news about our products and
services;
 Authorise and process Article Publication Charges (APCs);
 Any additional orders such as article offprints.

For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR, and for our legitimate interest in providing
you assistance, optimising our services and preventing fraud, also provide info about products and
services of interest to you Article 6 sec. 1 sent. 1 lit. f GDPR.

Your personal account registration data is, in the absence of exceptions within the specific services
mentioned, retained for as long as your account is used. Non-activity is defined at a minimum of five
years, to facilitate ease-of-return for account holders.

Content and communications, associated with submissions, reviews or decisions made by an account
holder is held for a period of 12 months following final decision before being encrypted and sent for
storage to a long term limited-access archiving service (Aries contract), as far as required in order to
achieve the following purposes.

Retrieval of archived content will only be engaged for the purposes of investigation into alleged fraud or
misbehaviour, as related to the services provided and in the interests of the integrity of the public
record of published research. Such a decision will be made under the oversight of the Springer Nature
Research Integrity Group with considerations to statutory storage obligations. The need for legal
actions that may arise from misconduct within the services or payment problems, can lead to a longer
retention of your personal data.

In order to ensure the high quality of our journals and publications, as well as the significance of the
scientific research published, we have implemented a peer review procedure.

In order to find and contact suitable and qualified peer reviewers to review within the relevant research
community, editors and administrators may create a profile using your publication record based on
publicly available data and some of your basic personal data (i.e. email address, name and research
interest) to register you for our Peer Review System. The legal basis for processing your personal data is
the Publisher’s or the respective editor’s legitimate interest in finding and contacting suitable and
qualified peer reviewers to ensure the high level of papers and articles published in our journals, Art. 6
(1) sent. 1 lit. f GDPR.
If you do not wish to be contacted any longer, you can contact us by sending an email to the email
address provided in the footer of any message sent. Alternatively, you may contact
customerservice@springernature.com. Please note that we may keep some of your personal data in
order to register your explicit wish to not be contacted in the future, and thus to prevent any future
processing of your data in this regard. The legal basis for this is the Publisher and your legitimate
interest in recalling your wish and preventing any future contacting, Article 6 (1) sent. 1 lit. f GDPR.

IV. Third party content

Links to third party websites

This Submission and peer review system may contain links to third party websites, including journal
affiliates and scholarly societies. We are not responsible for the content and the data collection on
respective third party websites; please check the privacy policy of respective websites for information of
respective websites’ data processing activities.

V. Information sharing
Where personal data is disclosed to third parties for the purposes mentioned above the legal basis for
the transfer of your personal data is Article 6 sec. 1 sent. 1 lit. b and f GDPR. Some of the recipients may
reside outside the EEA. Data is only shared to the extent that it is needed to perform the service of peer
review, and peer review is to be conducted within the security of the workflows which control these
access permissions.

In the course of providing our peer review services, your data may be accessed by different members of
the editorial team such as editors and assistants to the editorial office. To determine the locations of the
editorial board members, you may refer to a journal’s homepage. Granting access to your personal data
and the respective processing activity will be based on our and the legitimate interest of the respective
society publishing the Journal in successfully publishing high quality articles and papers and ensuring the
quality and significance of the respective research published in our journals, products and databases,
Article 6 sec. 1 sent. 1 lit. f GDPR.

In order to do so we and/or the respective society may process your personal data to find, contact, and
evaluate suitable and qualified peer reviewers within the relevant research community. This also
includes data sharing between us and the respective society. For example, we may share reviewer and
author data to publish the journal.

Please note that the publisher and the society are independently responsible for the respective data
processing conducted. We can neither limit the extent to which personal data is processed by the
respective society nor do we regulate the processing’s purpose or the period your personal data will be
retained. It is also possible that the above-mentioned societies may disclose your personal data to their
business partners, third parties or authorities. For further information on the data processing under the
society’s control please refer to the respective society’s privacy notice.

Your personal data will be transferred to and processed inside and outside of the EEA. For further
information on cross border data transfer, please refer to section VI.
With respect to Article Publication Charges (APCs); if you are an author we’ll share your personal data
with third parties, like your institution or employer. This is required to manage and approve payment of
associated APCs in order to fulfill the publication of your manuscript, where applicable.
Customer service, administrative, operational and systems support is provided by other entities of the
Springer Nature Group and third party contractors (together “Contractors”). We may disclose your
personal data to Contractors who assist us in providing the services we offer through the Submission
and peer review system. Such a transfer will be based on data processing agreements in accordance
with Article 28 of the GDPR. Therefore, our Contractors will only use your personal data to the extent
necessary to perform their functions and will be contractually bound to process your personal data only
on our behalf and in compliance with our requests. Further services, provided by third party technology
and service providers, are similarly bound by data processing agreements.

We are working with Publons to give our expert peer reviewers official and verified recognition for their
invaluable contribution in ensuring that research is reliable and relevant before it is communicated to
the world. Publons (Clarivate Analytics, i1500 Spring Garden St 4th floor, Philadelphia, PA 19130) is a
free service for academics to track, verify and showcase their peer review and editorial contributions.

We offer to send automated verification to Clarivate Analysis – the provider of Publons – that you have
completed this review upon manuscript acceptance. In order to do so we require your permission to
transmit the following data to Publons: your name, email address, title of the reviewed manuscript,
name of journal, and date of your review submission. Publons uses review data to generate derivative
metadata for the benefit of Publons and you as a reviewer (without revealing what you have reviewed).
For example, Publons may publicly verify your record as a reviewer, or may help editors to identify
candidate reviewers. Please find details of processing in Publons’ privacy policy. You will be offered an
opportunity to opt-into this service during your review submission.

ORCID is a non-profit organisation that provides researchers with a unique digital identifier. These
identifiers can be used by editors, funding agencies, publishers, and institutions to reliably identify
individuals in the same way that ISBNs and DOIs identify books and articles. The ORCID website provides
researchers with a page where comprehensive research activity can be documented. This includes peer
review data.

We offer direct verification of peer review contributions to researchers’ ORCID profiles via Editorial
Manager, if the reviewer authorises it. This means that if you opt-in to this service during review
submission, acknowledgement of your peer review contribution (journal name and year of review only)
will be deposited directly to your ORCID profile by Springer Nature.

We may disclose anonymous aggregate statistics about users of the Submission to publication workflow
systems in order to describe our services to prospective partners, advertisers and other reputable third
parties and for other lawful purposes, but these statistics will not include any personal data. We may
provide aggregated data for inclusion in publishing metrics.

In the event that we undergo re-organisation or are sold to a third party, any personal data we hold
about you may be transferred to that re-organised entity or third party in compliance with applicable
law. We may disclose your personal data if legally entitled or required to do so (for example if required
by law or by a court order). The legal basis for this will be Article 6 sec. 1 sent. 1 lit. c GDPR (in
conjunction with the respective national law).

VI. Cross border data transfers

Within the scope of our information sharing activities set out above, your personal data may be
transferred to other countries (including countries outside the European Economic Area [EEA]) which
may have different data protection standards from your country of residence. Please note that data
processed in a foreign country may be subject to foreign laws and accessible to foreign governments,
courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable
measures to maintain an adequate level of data protection when sharing your personal data with such
countries.

In the case of a transfer outside of the EEA, this transfer is either safeguarded by the Privacy Shield or EU
Model Clauses in accordance with Article 46 GDPR. You can find further general information about the
aforementioned safeguards by following this link https://ec.europa.eu/info/law/law-topic/data-
protection_en or contact our Group Data Protection Officer via customerservice@springernature.com
for specific information on respective safeguards.

VII. Security
We have industry-standard security measures in place to protect against the loss, misuse and alteration
of personal data under our control. For example, our security and privacy policies are periodically
reviewed and amended as necessary and only authorised personnel have access to personal data. Whilst
we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all
reasonable efforts to prevent it.

You should bear in mind that submission of information over the internet is never entirely secure. We
cannot guarantee the security of information you submit via our website whilst it is in transit over the
internet, and any such submission is at your own risk.

VIII. Data retention

We strive to keep our processing activities with respect to your personal data as limited as possible. In
the absence of specific retention periods set out in this policy, your personal data will be retained only
for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as
required by statutory retention requirements.

IX. Your rights

Under the legislation applicable to you, you may be entitled to exercise some or all of the following
rights:
1. require (i) information as to whether your personal data is retained and (ii) access to and/or copies of
your personal data retained, including the purposes of the processing, the categories of personal data
concerned, and the data recipients as well as potential retention periods;
2. request rectification, removal or restriction of your personal data, e.g. because (i) it is incomplete or
inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on
which the processing was based has been withdrawn;

3. refuse to provide and – without impact to data processing activities that have taken place before such
withdrawal – withdraw your consent to processing of your personal data at any time;

4. object, on grounds relating to your particular situation, that your personal data shall be subject to a
processing. In this case, please provide us with information about your particular situation. After the
assessment of the facts presented by you we will either stop processing your personal data or present
you with the legitimate grounds for ongoing processing;

5. take legal actions in relation to any potential breach of your rights regarding the processing of your
personal data, as well as to lodge complaints before the competent data protection regulators;

6. require (i) to receive the personal data concerning you, which you have provided to us, in a
structured, commonly used and machine-readable format and (ii) to transmit that data to another
controller without hindrance from our side; where technically feasible you shall have the right to have
the personal data transmitted directly from us to another controller; and/or

7. not to be subject to any automated decision making, including profiling (automatic decisions based on
data processing by automatic means, for the purpose of assessing several personal aspects) which
produce legal effects on you, or affects you with similar significance.

You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints
regarding our data processing by contacting us using the contact details set out below.

X. Contacting us
For matters related to your registration and data stored within specific journals, please refer to cont act
persons listed at the journal’s homepage.

Please submit any questions, concerns or comments you have about this privacy policy or any requests
concerning your personal data by email to our Group Data Protection Officer. You can contact our Group
Data Protection Officer via customerservice@springernature.com.

The information you provide when contacting us at customerservice@springernature.com will be

processed to handle your request and will be erased when your request is completed. Alternatively, we
will restrict the processing of the respective information in accordance with statutory retention
requirements.

XI. Amendments to this policy

We reserve the right to amend this policy from time to time by updating our website respectively.
Please visit the site regularly to ensure you have access to the most up-to-date policy.

Annex: Notes to external editors/reviewers

In the course of the collaboration between Springer Nature and external editors and reviewers, Springer
Nature transfers personal data to the editors and reviewers. The editors and reviewers process this
personal data in their own responsibility as independent controllers. Thus, the editors and reviewers
have to comply with the applicable regulations of data protection law, in particular with respect to the
EU General Data Protection Regulation (GDPR). This entails the following obligations with regard to the
data processing:

1. Editors and reviewers need to respect the principles of lawfulness, fairness and transparency of the
data processing and document their compliance with the applicable obligations. This means that
personal data may only be processed for specified, explicit and legitimate purposes and the processing
shall be limited to what is absolutely necessary in relation to these purposes. Processing must be
transparent to the persons whose data is processed, and persons whose data is processed may have
certain rights, in particular with respect to access to or deletion and correction of such data. Personal
data shall generally not be used for purposes other than the ones it was collected for.

2. Personal data may only be processed if permitted by a legal basis. For example, this is the case if an
editor processes reviewer data to identify appropriate reviewers, invite and/or select them for
assignment. Further, reviewer and editors may need to process author data to enable and foster
effective communication between the different parties. Personal data should not be proliferated to
third parties without a solid reason.
3. When processing personal data adequate measures should be implemented to ensure the protection
and secrecy of the data. This includes measures to prevent that the data is accessed by unauthorised
third parties, e.g. by using keys and/or passwords for the relevant systems and data encryption if
possible, or that data is deleted or amended accidentally, e.g. by using backup systems. If the data is no
longer needed for the purposes it was collected for, e.g. if the review is completed and the journal
published, the data needs to be deleted/destroyed, unless there are grounds that justify longer
retention. Those reasons may arise from journalistic duties, documentation obligations and accounting
or tax obligations.