Demo
Terms
Policies
Security
Quality

Science Exchange’s Plan to Protect Your Data

 

Last updated: October 19, 2022

 

At Science Exchange, we value the privacy of our customers and all visitors to our website. We are committed to protecting personal data that we collect and ensuring that individuals are able to exercise their rights with respect to such data. For more details on what data we collect and how we use it, please review our Privacy Policy.

 

Science Exchange is compliant with the General Data Protection Regulation (GDPR) and committed to partnering with our customers and users to help them understand their rights under the GDPR. The GDPR is the most comprehensive EU data privacy law to date and came into effect on May 25, 2018. GDPR is the successor to the Data Protection Directive (95/46/EC). The GDPR strengthens and standardizes user data privacy across the EU nations and sets forth new and additional obligations for all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located. On this page, you can read about Science Exchange’s methods to achieve and maintain GDPR compliance:

 

-Security of Science Exchange’s Platform and Infrastructure: Science Exchange is committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place appropriate technical, physical, and managerial procedures to safeguard and secure the information we collect online. If you’d like to learn more about Science Exchange’s security controls, policies, and procedures, please review our SOC 2 page.

 

-Adequate Level of Protection for Data Transfer from EU to US: Science Exchange is committed to complying with Article 46 of the GDPR, which states that personal data may be transferred to the U.S. only if appropriate safeguards are implemented. Prior to the Court of Justice of the European Union’s decision in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (C-311/18) (aka the Schrems II decision, which declared the US-EU Privacy Shield invalid), Science Exchange obtained its Privacy Shield certification from the U.S. Department of Commerce and relied on such certification as the mechanism to ensure that transfers of personal data from the EU to the US complied with GDPR. Following the Schrems II decision, Science Exchange began implementing data processing addenda, including standard contractual clauses (SCCs) to ensure that transfers of personal data from the EU to the US complied with GDPR. The data processing addendum included in the Terms of Use governs Science Exchange’s processing of users’ personal data. Unless a supplier has a separate agreement with a requester, the data processing addendum included in the Requester T&Cs and Supplier T&Cs governs the supplier’s processing of personal data shared by the requester.  

 

-Data Requests: Science Exchange has designated DataRep as its EU Data Protection Representative to enable customers and users to exercise their data portability and data management rights under GDPR. To learn more, please visit our Data Request page.

 

We will continue to monitor the guidance around GDPR compliance from privacy-related regulatory agencies and will adjust our plans and policies accordingly.

 

If you have any questions related to Science Exchange’s GDPR compliance, feel free to contact us by emailing privacy@scienceexchange.com