Privacy Notice

This Notice applies to the websites at figshare.com and related services ("figshare").

figshare is operated by figshare LLP, with registered offices at 90 York Way, London N1 9AG, UK ("Digital Science" or "we"). This Notice explains what personal data we collect, how we may use and manage it and the rights you may have in relation to such personal data. When we refer to "personal data" in this Notice, we mean information relating to an identified or identifiable individual that we collect and use in connection with figshare; not aggregate or other anonymised data, or information we process on behalf of our customers.

Click on one of the links below to jump to the listed section:

• How do we collect and use personal data?
• The legal basis for our use of your personal data
• Who we share your personal data with
• Security
• Retention of your personal data
• International transfers
• Marketing
• Cookies
• Your rights
• Third party sites
• Contact details
• EU-US Privacy Shield Notice
• Changes to this Notice

How do we collect and use personal data?

We collect personal data in the following ways:

• information you provide to us online. For example, when you register to use figshare, complete one of our web forms or make a support request, we collect the personal data you provide, like your name, Orcid id, email address and other basic contact details / professional information. We will use this information to enable you to access and use figshare or fulfil the request you've made. You may also provide (or configure your account, including by syncing with third party apps, so figshare retrieves) additional information about you to access and use particular features within figshare, such as to populate a public profile page or make content you've submitted public. More occasional examples could include where you respond to a survey or enter into a competition.
• information we collect from your use of figshare. When you use figshare, we may collect information about that usage and other technical information, such as your IP address, browser type and any referring website addresses. We may combine this automatically collected log information with other information we collect about you and use it to keep a record of our interaction and to enable us to support, personalise and improve figshare. This may involve the creation of aggregate or other non-personal data. We may also collect this type of information using cookies and other similar technologies - please see our cookie policy for further details.
• information you provide to us in person. For example, when you visit one of our exhibition booths or attend a figshare fest or other of our events, you may provide us with your contact details. We will use this information to answer your enquiries or provide other information requested by you.
• information we collect from our other interactions / business dealings. For example, if you attend a webinar, contact us via social media or otherwise interact with our business, including as a representative of a current / prospective customer, supplier or partner, we will make a record of those dealings, which may contain personal data.
• Information we collect from third parties or publicly available sources. If you are a figshare user, we may collect personal data about you from research-related data sources, such as Orcid.

In all the above cases, where we have a relationship with you, we may also use the personal data we collect to manage and keep a record of that relationship and other business administration purposes you'd reasonably expect and, subject always to your preferences, to provide information we think may be of interest to you.

If you provide personal data to us about someone else (such as one of your colleagues), please ensure that you have their permission to do so and that they're aware of the contents of this Notice.

The legal basis for our use of your personal data

In order to comply with European data privacy laws, we are required to set out the legal bases for our use of your personal data, which are as follows:

• where you have given us your explicit consent, which you can withdraw at any time. For example, we rely on your consent to fulfil specific requests you've made, such as to receive our blog emails, or provide information you've opted-in to receive;
• where the processing is necessary for the performance of our contract with you, or to enter into such a contract. For example, if you register to use figshare, we will need to use your details to set-up and administer your account;
• where the processing is necessary to comply with our legal obligations; or
• the processing is in our legitimate interests, provided these are not overridden by your individual rights. For example, we rely on our legitimate interests to retain personal data that's associated with content you or a co-author has made public, so that personal information, associated with that content can be preserved. We also rely on our legitimate interests to contact you when you've not previously given us your consent to do so.

Who we share your personal data with

We may share your personal data within the Digital Science group on a confidential basis for our internal administrative, billing and other business purposes. We do not generally disclose or share personal data with third parties, except where it's necessary for legitimate business reasons, such as:

• to the agents, advisers and service providers that assist us in running and that we use to administer our business;
• to the subcontractors and service providers we use to provide and support figshare;
• if part of our business is sold to or integrated with another business, to our advisers and any prospective purchasers (and their advisers);
• in such circumstances for which you have given your consent;
• if and to the extent necessary for the performance of the contract we have with you or in order to enforce any claims we are entitled to;
• if we are required by law or ordered by a court to disclose such information;
• to third party apps you have chosen to sync with your account;
• in the case of your figshare profile or details associated with content you've made public, to public users of figshare;
• to third parties that host content on a persistent basis that you've chosen to publish, such as Chronopolis, and other third parties involved in the scholarly content infrastructure, such as CrossRef, Orcid and Datacite.

We include appropriate confidentiality and security obligations in our contracts with our service providers and only permit them to process your personal data for specified purposes and in accordance with our instructions (not for their own purposes).

Note, where you are using figshare pursuant to an institutional subscription, your institution will have access to all your content and have admin rights over your account, including the ability to configure and populate your profile and track your usage; and we will act in accordance with any instructions they may give in respect of that content (whose policies - not this policy - will govern how the personal data we process on their behalf is used).

Security

We take appropriate technical and organisational security measures to protect personal data from accidental or unlawful destruction, accidental loss and unauthorised access, destruction, misuse, modification or disclosure.

Retention of your personal data

We only keep your personal data for as long as it is necessary for the purposes for which it was collected, after which it will be destroyed, erased or anonymised.

If you are a figshare user and have made content public, we will retain a record of your association with that content potentially indefinitely.

International transfers

In order to run our business and provide figshare, we may transfer personal data from the UK or the European Economic Area (EEA), including to our affiliates and service providers, many of whom are located outside of these jurisdictions. Whenever we make such transfers, we will ensure an appropriate level of protection is afforded to your personal data by implementing at least one of the following safeguards:

• making sure the destination country has been deemed to provide an adequate level of protection for personal data;
• by using model form contracts that have been officially declared to afford your personal data an appropriate protection;
• in the case of transfers to the United States, checking the recipient is part of the "Privacy Shield".

Please email us at nihsupport@figshare.com if you would like more information about these safeguards.

Marketing

Depending on your preferences, we may send you marketing communications we think might be of interest to you. Some of these messages may be tailored to you, based on your interests (e.g. previous browsing activity) and any other information we may hold.

If you no longer wish to receive such communications, you can click the unsubscribe button. Note, even if you unsubscribe from marketing messages, we may still send you emails about the services you use, such as details of new functionality / changes to legal terms of use.

Cookies

Please see our cookie policy for information on how we collect personal data using cookies and similar technologies.

Your rights

European data privacy laws give rights to individuals in respect of personal data that organisations hold about them, for example:

• to request a copy of the personal data that we hold about them;
• to object to the processing of their personal data; or
• to request that their personal data is rectified or deleted, or its processing limited.

To make any requests regarding your personal data, please email us at nihsupport@figshare.com. We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are a number of limitations to these rights, and there may be circumstances where we're not able to comply with your request.

Third party sites

If any part of figshare is made available on or through third party websites or other resources, includes links to such resources, or other resources contain links to any part of figshare, this is done for convenience only. We recommend that you check the privacy and security policies of such resources as they are not subject to this Notice.

Contact details

If you would like any further information, or have any questions or concerns, regarding your personal data, as a first step, please email us at nihsupport@figshare.com or write to us at:

• If you're based in Europe: 90 York Way, London N1 9AG, UK
• If you're based outside of Europe: 625 Massachusetts Ave, Cambridge, MA 02139, USA

You have the right to make a complaint at any time to your local supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns in the first instance.

EU-US Privacy Shield Notice

Digital Science's US affiliate, Digital Science & Research Solutions Inc. ("Digital Science US"), participates in the EU-US Privacy Shield. This Notice applies to personal data transferred to Digital Science US, in the United States, from the UK or European Economic Area, where transferred in reliance on the EU-US Privacy Shield (which is referred to in this Notice as EU Personal Data).

To the extent there is any conflict between the Privacy Shield Principles and this Notice, the Privacy Shield Principles will prevail in respect of EU Personal Data.

• Commitment to the Privacy Shield Principles

  Digital Science US participates in the EU-US Privacy Shield Framework and has certified its compliance with the Privacy Shield Principles regarding the collection, use and retention of EU Personal Data. Digital Science US is responsible for the processing of EU Personal Data, and remains liable for its onward transfer to third parties acting as agents on our behalf, in accordance with the Privacy Shield Principles.

  For purposes of enforcing compliance with the Privacy Shield, Digital Science US is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

  To learn more about the Privacy Shield Principles, and to view Digital Science US's certification, please visit https://www.privacyshield.gov/welcome.

• Disclosure for national security or law enforcement

  Digital Science US may be required to share your personal data to public authorities and law enforcement agencies in response to lawful requests, including requests to meet national security and law enforcement requirements.

• Resolution of Privacy Shield queries and complaint mechanism

  If you have a Privacy Shield-related (or general privacy-related) query or complaint, we encourage you to contact us (see contact details above) as a first step. Any unresolved complaints may be referred to our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. You may also contact your local supervisory authority within the European Economic Area.

  Under certain conditions, more fully described on the Privacy Shield website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.

Changes to this Notice

We reserve the right to modify or replace this Notice at any time by posting the revised Notice on our website. You are responsible for reviewing and becoming familiar with any such change each time you access any part of figshare.

Last Updated [24 May 2019]