Data protection agreement

Current version: 15 August 2018

Copernicus GmbH, the legal entity of Copernicus Meetings and Copernicus Publications, is dedicated to protecting your personal information and will make every reasonable effort to handle collected information appropriately. All information collected will be handled with care in accordance with our standards for integrity and objectivity and respect for your privacy. Copernicus endeavours to comply with the laws and regulations that apply to the collection and use of personal information, including the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the EU General Data Protection Regulation (GDPR).

The following paragraphs inform you about how we collect, store, and reuse your personal data and about other data-protection measures you face when visiting websites and services provided by Copernicus. In case of any question please do not hesitate to contact us at data.protection@copernicus.org or our data protection officer Dr. Ralf Schadowski at schadowski@addag.de.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

Copernicus GmbH
Bahnhofsallee 1e
37081 Göttingen
Germany

The responsible party is the legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your expressed consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German federal state of Lower Saxony in which our company is based. The contact details can be found at: https://www.bfdi.bund.de/SharedDocs/Adressen/LfD/Niedersachsen.html?nn=5217144

Right to data portability

You have the right to have data which we process based on your consent or in fulfilment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

A. The usage of cookies on Copernicus websites

Copernicus provides the following websites as static HTML pages: www.copernicus.org, publications.copernicus.org, meetings.copernicus.org, www.copernicus-gesellschaft.org, all conference websites, and all journal websites. Even when browsing through the online libraries of the journals published by Copernicus, these pages are static. All these static websites do not use cookies and therefore do not collect any personal information from you. Discussion pages of interactive journals, online programmes of conferences, and iFrames used on static pages to allow you to log into our online system Copernicus Office (e.g. manuscript tracking, submit your manuscript, or conference registration) create so-called cookies on your PC. Such cookies are session cookies, contain only a randomly-created session ID, and are automatically deleted after your visit, at least when you close your browser window.

If you logged in to our online system Copernicus Office while browsing our websites, the user administration of Copernicus Office creates a cookie on your device, which includes a randomly-created ID and an expiration time. As long as this time has not expired or you explicitly log out, you remain logged in to our system. After the expiration time set in the cookie, you are automatically logged out from Copernicus Office and the session cookie is deleted from your device. The session cookie will also be automatically deleted if you close all browser windows.

Cookies do not harm your computer and do not contain viruses. Cookies are small text files that are stored on your computer and stored by your browser. You can set your browser so that you are informed about cookie settings and that you allow cookies only in individual cases, that the acceptance of cookies for certain cases or generally is excluded, and you can activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of our websites.

B. Server log files

When browsing through Copernicus websites, our servers automatically collect and store information in so-called server log files, which your browser automatically sends to us. This is common practice for most of the websites worldwide. These server log files include

  • browser type and version,
  • operating system,
  • referrer URL,
  • host name of the accessing device,
  • time stamp of the server request,
  • IP address.

A merge of these data with other data sources will not be done. Exception: when accessing journal articles in form of their HTML, PDF, or XML files, we read your IP address from the server log files to identify your origin (country). This country information is used once to count the overall accesses per journal article file (HTML, PDF, or XML files) per country. This information is shown in the metrics tab of the journal articles in the section "Viewed (geographical distribution)". However, after contributing to this overall sum per country and journal article file, your IP address will not be stored anywhere except in the server log files as mentioned above.

C. Personal data in Copernicus Office and data protection agreement

Preamble

  • This data protection agreement is made between Copernicus GmbH (hereafter Copernicus) and the user of the online system Copernicus Office.
  • The term "user" includes not only natural persons who independently create a user account in Copernicus Office but also natural persons for whom user accounts are created by third parties as part of Copernicus projects.
  • The term "projects" covers all conferences organized by Copernicus, all journals that Copernicus is responsible for producing and publishing, as well as all the services that Copernicus performs for the members of organizations.
  • The term "organization" includes scientific societies, universities, research institutes, science funders, and other entities that provide a platform or forum for scientists to exchange and disseminate knowledge.
  • Projects are either carried out by Copernicus on behalf of and for the account of organizations, or organizations grant Copernicus the licence to perform meetings or journals belonging to the organizations on their own behalf and for their own account. Both cases regulate the collection, storage, and maintenance of personal data in the form of commissioned data processing.

Why do I need a user account at Copernicus?

Almost all processes in Copernicus Office require the identification of a user by logging in with a user ID and password. The following list provides examples of user roles requiring a user account:

  • submission of an abstract as a contact author to a conference organized by Copernicus;
  • application for support to attend a conference;
  • organization of a session as convener at a conference;
  • organization of the scientific programme of a conference as a member of the programme committee;
  • selection of participants who will receive support for attending a conference as a member of the selection committee;
  • nomination of reviewers for posters and PICO award programmes, coordination of reviewers, and submission of evaluations for these awards;
  • registration for a conference and/or its side events by paying a registration fee as a participant;
  • booking a booth at a conference as an exhibitor;
  • submission of a manuscript as a contact author or co-author to a journal that Copernicus publishes;
  • review of manuscripts as an editor of a journal;
  • coordination of the editors of a journal as a chief editor;
  • review of manuscripts as a reviewer of a journal;
  • acquisition of printed journals as a subscriber;
  • acquisition of memberships in a member organization.

What personal data are collected and stored by Copernicus?

If a user actively creates a user account, the following data are required:

  • Salute
  • First and last name
  • Type of affiliation or private
  • Affiliation
  • Country
  • Email address

These data can be accompanied by the following optional data:

  • Title
  • Scientific initials
  • Date of birth
  • Department of affiliation
  • Street, number, ZIP code, and city
  • Further email addresses
  • Phone, mobile, and fax number
  • Personal URL
  • ORCID, including the connection of your ORCID account with your Copernicus Office user account (initiated by you)

What encompasses the data of my scientific profile?

Especially when registering for conferences or obtaining memberships in organizations, profile data are requested optionally in the forms (e.g. on specialization, interest in working on projects of organizations, and other data). If a user optionally completes it, the user can view, change, and delete these profile data at any time at: https://administrator.copernicus.org/profile/

Is the transmission of my personal data secured?

All applications of Copernicus Office that contain forms for entering, changing, or deleting personal data are encrypted using SSL-encryption (https).

Where can I check my personal data stored by Copernicus?

All personal data can be viewed and modified by the user at any time at: https://administrator.copernicus.org/personal_data/

Can I delete my personal data stored by Copernicus?

The section "Set personal data" lists all personal data. Users can view and change all data at any time. A user may delete all data except the basic data to identify you as a scientist including first and second names, type and name of affiliation, country of affiliation, and email address. If a user also wants to delete these data, the entire user account must be deleted.

Why am I able to include more than one email address in my user account?

When authors submit abstracts for a conference or manuscripts for review in a journal, contact authors enter their co-authors by name and email. The reason for this is that every co-author needs to know that a manuscript has been submitted in their name. Furthermore, each co-author has the right to see the status of their abstract or manuscript in the review and production process. Upon submission, the contact author may use an email address that differs from the one the co-author has used in the past in Copernicus Office. To avoid the case that any further email address leads to the creation of a new user account, all users have the possibility of including several email addresses so that the input of an email address of a co-author by the contact author has a higher chance of being assigned to an existing user account actually used by this colleague. Users mark themselves which email address should be the main address. In most processes when dealing with abstracts and manuscripts, Copernicus Office sends automatic emails. Such emails are sent to the main address.

Besides personal data, does Copernicus offer me a full record of all traces I have left in Copernicus Office?

Yes. The section "My account" provides the view "My records". Here, we have summarized all information we have about you: abstracts you have submitted or reviewed, sessions you have convened, programme committees you have taken part in, journal manuscripts you have submitted, reviewed, or handled as editor, memberships for scientific organizations you have acquired through Copernicus Office, and specific user groups you have been a member of in scientific organizations using Copernicus' services. My records also lists your personal data and you profile data again. Therefore, this overview gives you a full record of your traces in Copernicus Office. Please find your personal records at: https://administrator.copernicus.org/personal_records/

How is my password stored and where can I change it?

Passwords are always requested on forms that are SSL-encrypted (https) for the transfer to be secured. In the database of Copernicus Office, the passwords are then stored in encrypted form, so that nobody, not even Copernicus' employees, can read the passwords. Each user can change the password at any time via the section "My account" at: https://administrator.copernicus.org/password/

Does Copernicus also store payment details?

If a user wants or has to make a payment online through a Copernicus web form, in the last step of a purchase process, credit card details are entered in a way that they are only transferred to the PCI-DSS certified partner iPayment and not cached by any Copernicus system. Although Copernicus can view and reverse these debits via iPayment, Copernicus does not have direct access to the credit card details. Copernicus only stores the time a user with the payment method credit card has paid an invoice, the invoice number, as well as the transaction number of iPayment, so that negative booking operations become possible. If a customer pays by bank transfer, Copernicus also only stores the time a user has paid an invoice and the invoice number. Bank account data are not stored anywhere in the Copernicus system.

Can others see my personal data?

Copernicus' employees can only view and edit the personal data of a Copernicus Office user if they work in customer service. Confidentiality obligations as part of the employment contract and declarations of obligation to the §5 BDSG prevent employees from using this information other than for the purpose of customer service.

To the general public, personal data of Copernicus Office users are only shown when holding specific positions in conferences organized or journals published by Copernicus. Journal editors are automatically displayed on the website of the editorial board of the journals and session conveners of conferences are shown in the online programme of the respective conference for the purpose of contacting them. Hereby, users are only shown by default to the public with name, affiliation, and country. The visibility of any further personal data is controlled by the user and the visibility must be autonomously and explicitly allowed.

Does Copernicus disseminate my personal data?

When Copernicus organizes a conference, these conferences always belong to a scientific partner (e.g. learned associations, research centres, or similar bodies). If such bodies ask Copernicus to provide conference services, the collection, storage, and maintenance of personal data are regulated in the form of commissioned data processing (Auftragsdatenverarbeitung). If you attend such a conference, we provide the owner of the conference (the body with whom we have the agreement on commissioned data processing) with your personal data (name, affiliation, postal address, and email) relevant for the preparation of your conference material and entry badge. Other individuals involved in the conference organization like session conveners or programme committee members do not receive any personal data from us. During the course of the conference preparation, such organizers can use email interfaces inside Copernicus Office in order to contact attendees or presenters with important information about the conference. However, these email interfaces hide your personal data. You are free to answer or delete such emails.

For journals published by Copernicus, we always act on our own behalf. Journals owned by scientific associations provide Copernicus with the respective licence. Here, we do not disseminate personal data. Exception: when reviewing a manuscript as a referee, the handling editor can see your name, affiliation, and email address in order to be able to contact you. If you do not want your email address to be shown to editors handling the manuscript, we suggest that you do not agree to any referee calls. Furthermore, as a referee, you can decide to stay anonymous for review and/or publication or to disclose your name. If you disclose your name, it will be shown in the section "reviewed by" in the journal article. As an editor, public appearance of your personal data is explained in the section "Can others see my personal data?" above.

Copernicus also sells memberships for scientific associations through web forms in Copernicus Office. As for conference registration, membership sales are in the name of and on behalf of the respective associations. The collection, storage, and maintenance of personal data are regulated in the form of commissioned data processing.

What happens if I do not use my account at Copernicus Office?

Two years after your last login, you will receive an email asking whether you are still interested in Copernicus Office. If you do not respond to this email, your user account will be suspended. Your personal data and your account will not be deleted but inactivated. You can reactivate your account at any time but you can of course also decide to delete your account.

How can I delete my account and make use of my right to be forgotten?

The section "My account" includes the link "Delete my account" at: https://administrator.copernicus.org/delete_account/. When you delete your account, we will not keep any of your personal data on our servers. This includes data that were connected to your user ID and which were stored in the data base of our administration system. Hence, we cannot recreate or reactivate your account. To avoid confusion, please keep in mind that abstracts at conferences and journal articles are scientific publications. In these publication files (containing, for example, PDF, XML, and HTML), your name, affiliation, and, if included in the publication file by you, address data as well as email address will remain. However, they are no longer connected to a user account, so your name and affiliation are stored per published paper without linkage to any other paper or user account. But following the concept of scientific publications and its long-term record, we will not update a published journal article file or the file of an accepted and presented abstract of a conference to remove your name and affiliation from the list of authors. These files have been published freely accessible with authors' copyright and distributed under Creative Commons licences. The files have therefore become part of the overall scientific record and cannot be modified.

Does Copernicus send out email messages through its Copernicus Office?

We differentiate between announcements and system emails relevant for the conference organization and journal publication. Announcements for upcoming conferences, newly launched journals, or important adjustments in Copernicus Office are sent out very rarely. However, you are free to decide whether you would like to receive such emails. You can control the receipt of announcements at any time at: https://administrator.copernicus.org/announcements/. Regarding system emails as an integral part of the conference organization or journal publication, you may not opt out of receiving them. If you submit an abstract to a conference, convene a session, or serve as a member of the programme committee, or if you submit a manuscript to our journals, review as a referee, or moderate the review process as an editor, you have to agree to receive relevant system emails sent out whenever deadlines are met and/or actions from your side are needed to proceed with the work-flow.

D. Third-party websites

While browsing on websites provided by Copernicus, you might be linked to third-party websites. Since we cannot control what information such websites ask for or how the vendor of such websites may use or disclose any information you may provide to them, we strongly recommend that you exercise caution before providing them with your personal information.

E. Plugins

YouTube

Our websites use plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you are logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to §6(1)f DSGVO. Further information about handling user data can be found in the data protection declaration of YouTube at: https://www.google.de/intl/de/policies/privacy

Google Maps

Our websites use the mapping service Google Maps via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. To use the features of Google Maps, it is necessary to save your IP address. This information is usually transmitted to and stored on a Google server in the United States. We as the provider of our websites have no influence on this data transfer. The use of Google Maps is in the interest of an attractive presentation of our web contents and an easy findability of the places we have indicated on the website. This constitutes a legitimate interest within the meaning of §6(1)f DSGVO. For more information on how to handle user data, please refer to Google's Privacy Policy at: https://policies.google.com/privacy?hl=en

Google web fonts

For uniform representation of fonts, some of our pages use web fonts provided by Google (e.g. in Google Maps or YouTube plugins). When you open such a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. If your browser does not support web fonts, a standard font is used by your computer. The use of Google web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a legitimate interest within the meaning of §6(1)f DSGVO. For more information on how to handle user data, please refer to Google's Privacy Policy at: https://policies.google.com/privacy?hl=en

F. Data protection officer

The data protection officer of Copernicus according to §4g,f BDSG is Dr. Ralf Schadowski, certified according to DIN ES ISO/IEC 17024.

Dr. Ralf Schadowski
ADDAG GmbH & Co. KG
Krefelder Strasse 121
D-52070 Aachen
Germany
Phone: +49-241-446880