Privacy notice
Privacy notice
COPE is committed to protecting your privacy and ensuring that any personal data you provide to us is safe, and complies with UK data protection legislation. Personal data is any information about you by which you can be identified or be identifiable. It includes information such as your name, email address, and location.
This privacy notice describes what personal data COPE collects, how we use it, when we share it with others, and how we keep it secure. This notice also explains your rights in relation to your personal data, and what to do if you have any concerns about how we process your personal data.
Contents
Who we are
COPE (Committee on Publication Ethics, “our”, “us”, “we”) is registered as a charitable company limited by guarantee in the UK and was set up in 2007. It is also a registered charity (1123023). COPE’s principal Objects are “to educate and advance knowledge in methods of safeguarding the integrity of the scholarly record for the benefit of the public”.
COPE is the data controller in respect of your personal data. This means we decide what data to collect and how it should be used. Further details on the purposes we collect your personal data for is included in this privacy notice, as well as how we safeguard your privacy.
Our contact details
You can write to us at: COPE, New Kings Court, Tollgate, Chandler’s Ford, Eastleigh, Hampshire, SO53 3LG, United Kingdom.
Christina McGuire, the COPE Web Manager, is the person designated to support COPE with its data protection responsibilities. You can email Christina via [email protected]
How we collect personal data
We collect personal data when you contact us; subscribe to our newsletter; apply for membership; become a member; access our resources and services; register for, or attend an event (in person or online); submit a complaint via the Facilitation and Integrity subcommittee; apply to work or volunteer with us; create an account on our website; participate in surveys or give us feedback.
We will collect only the data we need for the purpose stated. We will make clear at the point of collection whether information we are asking for must be given (so that we can provide the specific product or service), or whether it is optional (and we will explain why it is helpful to include this).
We will only process your personal data for the purposes for which we collect it, and will only use it for another purpose if this could be reasonably assumed to be compatible with the original purpose, or where you give your consent.
When you access resources on our website we automatically collect information about how you use our website, including the pages you visit, as well as technical data, such as which browser you use. We use cookies to collect this data. Further information on cookies can be found in our cookie policy.
What personal data we collect
Personal data means any information about you which identifies you, or could be used to identify you.
We may collect, use, store and transfer different kinds of personal data about you. We have grouped this data into:
- Identity data includes full name, username, title, photos, audio or video
- Contact data includes email address, telephone number, billing address, location
- Professional data includes job role, CV, organisation
- Employee data includes National Insurance number, salary, review data, pension data
- Profile data includes username and password, and feedback where you provide your name or email, for example
- Transaction data includes invoices, and payments
- Usage data includes information on what resources and services are accessed, such as website guidance, or event attendance
- Technical data includes details about the browsers, operating systems, and devices that people use when accessing our website
- Marketing and communications data includes any marketing or communications preferences
- Case data includes data submitted by a member who has raised a case for Forum/Council review and guidance
- F&I data includes data submitted to the COPE Facilitation and Integrity Subcommittee, raising a concern from or about a COPE member
How we use your information - our ‘lawful bases’ for processing
The ‘lawful basis for processing’ is the legal grounds that permit us to collect your personal data. It is determined based on the specific purpose we collect that data for. It is most often when:
- it is necessary for the performance of a contract
- for example, when you become a member, or an employee
- you have given permission (consent)
- for example, when signing up to receive our newsletter
- it is in our legitimate interests as an organisation (which we balance against your individual rights). This includes:
- communicating with you regarding your membership
- communicating with named individuals in membership applications
- dealing with concerns and issues brought to COPE
- communicating with you in relation to queries or financial transactions
- improving the quality of our resources by engaging with members and non-members to inform future development and understanding the demographics of those who use COPE resources
- in compliance with law
- where we have a legal obligation to keep your personal data. For example, for accounting purposes.
Where the legal basis for processing your personal data is consent, we will provide a consent form for you to complete. This form will record whether you have or have not provided us with consent for the use of specific personal data. We will retain this form for as long as necessary.
When we may share your personal data
We may share your data with other organisations that provide services on our behalf (service providers). The legal bases for this will be where we have your consent, or to perform a contract with you, or where it is in our legitimate interests. Examples of when we share your data with service providers:
- Payment processors who process membership subscription payments on our behalf
- Website hosting and infrastructure services providers
- Software service providers such as Monday.com, Airtable and Basecamp, that support administrative activities
- Marketing and engagement service providers, such as Mailchimp and Hootsuite
- Insights and analytics service providers, such as Google Analytics
- Form software service providers, such as Jotform and SurveyMonkey
- Digital service providers, such as our digital partner, CTI Digital, who are ISO accredited for information security management
Event attendees
Whenever we share information with third party organisations for event administration purposes, we will always tell you about this before you register. For example, a venue for an in-person event, or an online platform such as Zoom. We will always refer you to their privacy policies, which will detail how they will process your data. If you wish to exercise your rights, please contact COPE, who is the data controller.
For online events where you do not wish to disclose your identity to other attendees, we recommend that you familiarise yourself with the platform and their privacy notice, to understand how you can best support the level of privacy you require. This could include, for example, only showing your first name, or switching off your camera.
Photos
When we take group photos at events, online or in-person, for use in our materials, we will:
- always notify you of this in advance
- Ask for your consent to use your photo(s) on our website, social media channels or any other COPE channel
- provide an easy mechanism to support your request not to be photographed
Video and audio recordings of events
We record online and in person events to support the production of accurate minutes, and sometimes for later publication on our website or social media channels, for members or non-members.
We will always notify you in advance if an event, or part of an event will be recorded, and remind you again before the recording commences. You may then choose to switch off your camera and/or audio.
Event speakers
We have a custom consent form for event speakers. This form records whether you have, or have not, given consent for COPE to use your images, video/audio, and presentations, on the COPE website, social media and other channels or materials.
Email newsletters
COPE uses Mailchimp to communicate with members and non-members. Where you have consented to receive newsletters, you can opt out of these at any time. Every email sent to you will include a link to do this.
If required by law
In exceptional circumstances we may be legally required to share your personal data, for example, to respond to requests from law enforcement services or the government for the purposes of prevention of crime, or in connection with legal proceedings.
How we keep your data secure
Your personal data will be held and processed securely on our systems. We have implemented appropriate technical and organisational controls to protect your personal data against unauthorised processing, and accidental loss. Access to your data is limited to individuals who need it. This may include members of the COPE team, COPE Council Members, and COPE Trustees. We take steps to ensure that everyone who delivers services on behalf of COPE is aware of their data security obligations.
When we contract a third party to deliver a service, we ensure that a relevant contract is in place that specifies their legal responsibilities and liabilities. This ensures the security, lawful processing and confidentiality of any personal data shared with them. It also ensures that they only process personal data for the specified purposes.
Data transfers outside the UK and EEA (European Economic Area)
Some of the service providers we contract are located outside the UK or EEA. Where this is the case, we ensure that any transfer of personal data outside of the UK and EEA has appropriate safeguards in place to protect your personal information. Where appropriate this includes the use of standard contractual clauses to provide your personal data with the same level of protection as it has in the UK or EEA.
Cases (‘Forum’ Cases)
COPE Members can bring specific publication ethics issues to the COPE Forum for discussion and advice, known as ‘Forum Cases’. Members submit Cases through an online form on the COPE website. The names of individuals relating to the Case details are not submitted. A member of the COPE Team carefully reviews and anonymises the submitted data if necessary to remove any direct identifiers including country and journal name from the Case Title, Summary or Text fields. The anonymised Case is then published on the COPE website before being brought to the COPE Forum meeting for discussion.
Anonymised data does not require protection under data protection legislation. However, on rare occasions it may not be possible to completely anonymise a Case without losing relevant information that is vital to the Case discussion and any advice presented. When this happens the Case is considered to be ‘pseudonymised’, As pseudonymised data is still personal data, in that it could be used to identify an individual directly or indirectly, in combination with other information, COPE recognises that its processing of such data is subject to data protection regulations.
Our lawful basis for processing of pseudonymised Cases is based on our legitimate interests to support and provide guidance on issues reported concerning COPE members, and to publish these ‘Case studies’ and advice, in order to advance publication ethics in line with COPE’s mission.
We have conducted a legitimate interests impact assessment for pseudonymised Cases, to ensure that individual’s rights are balanced against COPE’s legitimate interests.
How long we keep your information
We will retain your personal data only for as long as necessary. The length of time will vary depending on the purpose we have collected it, any legal obligations we have (for example, for accounting purposes), the nature of any contracts we have with you, and our legitimate interests.
Social media
We use social media platforms such as Twitter/X, Facebook and LinkedIn to post news about our services, and topics related to these, and may reply to comments and questions you post there. We receive aggregate analytics data of activity on our posts. This data does not include personal information, but tells us how many people interacted with our posts. However, we can directly identify the profile of anyone who directly engages with COPE on social media. We recommend that you review the privacy policies of these social media platforms.
Your rights
Under UK data protection legislation, you have a number of rights:
The right to be informed
- We must inform you how we will use your personal data, which we do through this privacy notice.
The right of access
- You have the right to request access to a copy of your personal data that we hold, and we must respond to your request within one month.
The right to erasure
- You have the right to request that we delete your data. We will delete your data unless we have a legal reason or legitimate interests for keeping it.
The right to object
- You have the right to object to direct marketing from us, or to any processing of your personal data where our lawful basis is legitimate interest.
The right to restrict processing
- You have the right to request us to stop processing your personal data if the processing is causing you damage or distress.
The right to rectification
- You have the right to ask us to correct personal data about you if it is inaccurate.
The rights you have depend on the lawful basis for processing. This means that the rights above do not always apply in some instances. However, where we use your information for a specific purpose based on consent, you can withdraw that consent at any time.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Your Data Matters is a useful resource from the ICO (Information Commissioner’s Office), which provides more information about your rights.
Contact us
If you would like to contact us about the use of your personal data, to exercise your rights as described above, or if you have any concerns or questions about our use of your personal data, please email [email protected]
Your right to complain
If we are unable to resolve your complaint, or you believe that we have breached your data protection rights, you have the right to complain to the Information Commissioner’s Office about how we have used your data.
-
Changes to this notice
We will update this privacy notice periodically to reflect any changes in our processing of personal data, as well as changes to legislation. When we do this we will change the ‘Last updated’ date on the page, and any changes will apply immediately. If we make any material changes, COPE will take reasonable steps to let you know. We recommend that you review this notice regularly.
Page history
- Last updated: 23 August 2023
- Version 2 published: 21 August 2023