USERS PRIVACY POLICY

Effective date: May 15th, 2023

1. General

SciNote believes that safeguarding Personal Data is one of the most important aspects of maintaining privacy and protecting the rights of individuals. SciNote also believes that transparency is the first step towards that protection. This Users Privacy Policy strives to give Users an overview of Personal Data being processed by Us in Our role as the controller of Personal Data, as well as to inform Users about the rights granted to them under applicable legislation, including GDPR. These rights give each User a chance to have control over User’s personal data, therefore it’s important that Users are aware of their existence and application.

This Users Privacy Policy applies only for cases where SciNote is the data controller, meaning it is processing User’s Personal Data collected in connection with provision of Services on its behalf.

This Users Privacy Policy does not apply cases where SciNote is the processor of Personal Data, processing the Personal Data on behalf of a Customer, which is the Personal Data controller. In such cases the Users must contact the Customer directly for any enquires about their Personal Data and enforcement of any Personal Data related rights.

This document refers to the processing of personal data of Our Users (and Customers, if ever applicable). For individuals who have provided Us their personal data on Our website, the Website Privacy Policy applies. Please note that the processing described in this Users Privacy Policy and in Website Privacy Policy are not mutually exclusive.

Important notice: The usage of SciNote ELN is not meant for children, therefore a User must be at least 16 years of age at the moment the User creates a User Account (or at least 13 if the legislation that applies in User’s country has a lower age limit).

2. Contact Information

If a User has any questions or concerns regarding the Users Privacy Policy or if a User wishes to enforce any of User’s rights under this Users Privacy Policy, the User may contact SciNote at:

SCINOTE, LLC
3000 Parmenter Street
Middleton, Wisconsin 53562, USA
POB 620828
privacy@scinote.net

Since SciNote is a limited liability company registered and operating in the United States of America, Users and data protection supervisory authorities in the EEA and UK may contact our data protection representative with Personal Data related matters:

SciNote, d.o.o.
Železna cesta 18
1000 Ljubljana, SLOVENIA
privacy@scinote.net

3. Personal Data

SciNote, as a controller, processes User’s Personal Data collected from different sources and by different means – some Personal Data is provided directly by Users, some Personal Data is collected and processed automatically, some Personal Data is collected and processed through third parties, some Personal Data is collected and processed by use of cookies and other tracking technologies etc.

For Users to use the Services, SciNote may ask Users to provide certain Personal Data, and Users may provide SciNote with certain Personal Data when using the Services, which may include:

3.1. Account Details

  • 3.1.1. Personal Data, provided and processed in the course of providing and using the Services: full name (name and surname), e-mail address (which is used as User’s primary username), password, Team name (for Free Users), affiliated Customer and Plan to which the Customer subscribes to, security questions, feedback information, communication between SciNote and User and other Personal Data a User provides SciNote with regard to the User’s use of Services, Personal Data provided by the User within the SciNote ELN (e.g. through the Settings section of the SciNote ELN).
  • 3.1.2. Personal Data provided when signing in with LinkedIn (or other third-party sign-in): Users have a possibility to “sign-in with LinkedIn” (or other third parti sign-in). When signing-in with LinkedIn (or other third-party sign-in) User can choose to give consent to LinkedIn (or other third-party) for sending SciNote User’s Personal Data (including profile picture) needed for creating a SciNote User Account. If User uses this option, the User will log-in to User Account with the help of a special identifier connecting User’s LinkedIn (or other third-party) account and User Account, therefore no password is required. SciNote stores this identifier in a similar way SciNote would otherwise store User’s password.
  • 3.1.3. Gilson – SciNote integration (or other connected accounts): Users have a possibility to create User Account through any Gilson software product (e.g. Pipette Pilot, Pipette Scope), where both Gilson user account and SciNote User Account are created at the same time. In this case an additional personal identifier is stored by SciNote. The purpose of this identifier is to link User’s SciNote and Gilson connected accounts, enabling the User to share data between them in the scope of the integration between Software and Gilson software products. User may link User Account and Gilson user account at a later time or for any other integration with a third-party, whereas the scope of Personal Data will differ between the third-parties.
  • 3.1.4. Forms within the Software: From time-to-time SciNote may ask Users to provide some information related to the use of Software (e.g. what field or industry the User works in, location, job position, which other Users the User invited etc.) or perform some actions (e.g. provide feedback). Such data helps SciNote understand purposes for which the Software is used and optimize it and Services accordingly. Such information is provided voluntarily. Sometimes the forms also collect Personal Data that are needed by SciNote for performance of Contract (e.g. SciNote needs Customer’s billing information, so the account information can be updated).
  • 3.1.5. User to User invitations: Users can invite other people to create a SciNote User Account and/or join the Workspace, for which the User needs to provide e-mail address for sending the invitation link to such other people. SciNote may send such other people reminders to create their User Account. SciNote will process such other person’s Personal Data as described in the Website Privacy Policy, until such time such other person creates a User Account – upon creating a User Account this User Privacy Policy shall apply.

3.2. Activity Data

When User uses the Services, SciNote automatically receives and records data on User’s interaction with the Services – Activity Data. SciNote uses different service providers to gather the Activity Data, which use common information gathering tools such as cookies, web beacons, pixels and other similar tracking technologies (“Tracking Data”) to automatically collect Activity Data. Activity Data is data associated with a User Account and includes data on User’s use of the Services. Examples of Activity Data are:

  • information related to User’s activity and use of Services – this includes information on the use of certain features (frequency and duration), number of log-ins, general activity, connected accounts, log data, web browser information, device type, device name, IP address, geolocation data, unique device identifier, date and time stamps on the use of Service, operating system, page view statistics, language of device, other on User’s interaction with the Services, such as clickstream data and ad impressions.
  • data on User Accounts and Customers, meaning which Users and which Customers are connected through the same Workspaces (so called “associated accounts”).

Activity Data is processed for the purpose of providing the Services (performance of Contract), continuous improvement of Software, SciNote business and Services, as well as for engaging in promotional and sales activities aimed at the User and for statistical purposes of Software usage (legitimate interest).

Activity Data may be shared between associated accounts for the purpose of enabling certain functionalities of Services.

SciNote may process User’s Personal Data in connection with associated accounts such as User’s name, email address, and phone number and information about User’s industry, name of the Customer associated with the User and User’s job title. Such data may be combined with third party services such as business directories.

Tracking Data is used to identify User’s devices, to understand how Users navigate through Services, which features of Services and Services are most popular, how Users interact with e-mails SciNote sends.

3.3. Personal Data Collected Through Communication

Users can communicate with SciNote via several channels: e-mail, live chat, on-line meetings, web-forms etc. When processing the communication data, SciNote may process other data, such as which e-mails Users open, which links Users click etc.

On-line calls may be recorder for the purposes of improving our Services and/or to record evidence of a business transaction.

Personal Data collected through communication may including any other Personal Data a User chooses to provide to SciNote.

3.4. Personal Data Received from Third Parties

When a User uses the Services, SciNote may also collect data about the User from third parties including from:

  • other Users, e.g. User to User invitations, collaborations with Users in Workspaces etc.;
  • third-party providers, e.g. importing/exporting files (documents) into/from Services;
  • single sign-on service providers (JumpCloud or similar) and third-party service providers (third-party sign-in or connected accounts);
  • SciNote may also process information about Users (e.g. User’s education, company, title, email address) from publicly available third-party sites and use such information to contact User’s.

3.5. Community Platform Personal Data

When a User uses the SciNote community platform, SciNote may process the following Personal Data of the User, associated with User’s use of SciNote community platform:

  • name, username, password, email address, customer number, IP address, unique
    device ID, tracking technologies (e.g., pixel tags, cookies) to collect usage
    information;
  • domain information, pages visited, cookie information, session information (such
    as time spent on certain pages and page interaction information), date and time
    of your visit, webpages visited, links clicked, browser ID, browser type, device ID,
    operating system, form information downloaded, domain name from which our
    site was accessed, and cookies;
  • IP Address;
  • information about how the User uses the SciNote community platform.

4. Research Data

SciNote ELN was built as a tool to help Users and Customers store and manage (scientific) data and the work related to it. Users of SciNote ELN are therefore given the option to input, upload, or store in SciNote ELN texts, images, files and other type of data, which is referred to as Research Data. SciNote does not own nor control the Research Data, therefore SciNote does not check whether this data contains any Personal Data or special categories of Personal Data. SciNote does not treat any Research Data as Personal Data.

Whenever Personal Data is nevertheless part of Research Data, Customer, as the data controller, is responsible for lawfulness of such processing of Personal Data.

Sometimes User Account and Activity Data, may overlap with Research. For such cases User’s Personal Data processing may be different and User’s rights might be limited (e.g. SciNote cannot execute User’s right to be forgotten and delete User’s e-mail upon request, if this e-mail is a vital part of Research Data processing under authority and control of Customer).

5. Special Categories of Data

SciNote does not knowingly collect any Personal Data that falls under the scope of special categories, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

6. Personal Data Processing

SciNote processes Personal Data for several different purposes and on different legal basis, as described below:

Provision of Services: For provision of Services, SciNote uses Account Details, Activity Data, Personal Data Collected Through Communication, Personal Data Received from Third Parties. SciNote processes this Personal Data for the purposes of performing a Contract. Where SciNote is not processing the Personal Data for the purpose of performing a Contract, SciNote processes the Personal Data on the grounds of consent, where applicable, or on the basis of SciNote’s legitimate interests in operating, maintaining, improving the Services, SciNote’s internal and business operations and to provide the Users and Customers the Services, including the use of SciNote ELN.

Communication: For communication with Users and Customers, SciNote uses Account Details, Personal Data Collected Through Communication, Activity Data and Personal Data Received from Third Parties, where applicable. Some examples of communication will include sending Users and Customers confirmations, notices about the Services and other administrative matters (expiration of Term, renewal etc.), invoices, technical support, onboarding, replying to User’s messages (e-mail, conference calls, live chat, etc.), etc. SciNote processes this Personal Data for purpose of performing a Contract. Where SciNote is not processing the Personal Data for the purpose of performing a Contract, SciNote processes the Personal Data on the grounds of consent, where applicable (e.g. in cases where User initiates communication and provides Personal Data at User’s own initiative), or on the basis of SciNote’s legitimate interests in operating, maintaining, improving the Services, including sending notices pertinent to the use of Services, SciNote’s internal and business operations and to provide the Users and Customers the Services, including the use of SciNote ELN.

Support: For provision of support to Users and Customers, SciNote processes Account Details, Personal Data Collected Through Communication, Activity Data and Personal Data Received from Third Parties. SciNote uses this Personal Data to investigate and diagnose issues with the Services, to provide support services to Users and Customers.

SciNote processes this Personal Data for purpose of performing a Contract. Where SciNote is not processing the Personal Data for the purpose of performing a Contract, SciNote processes the Personal Data on the grounds of consent, where applicable (e.g. in cases where User initiates communication and provides Personal Data at User’s own initiative), or on the basis of SciNote’s legitimate interests in operating, maintaining, improving the Services, and to investigate security incidents.

Maintenance and Improvement of Services: For maintenance and improvement of Services, including for ensuring security of Services, SciNote uses Account Details, Activity Data, Personal Data Collected Through Communication and Personal Data Received from Third Parties. Such processing of Personal Data includes tracking User’s behaviour when using the Services (including for example types of documents uploaded, size of files, time spent on activity, etc.), verifying User Account and activity of Users and Customers, investigating suspicious activities, enforcing SciNote’s Terms of Services and applicable policies. Such processing is performed on the basis of SciNote’s legitimate interest – SciNote is performing such processing of Personal Data to maintain and improve the Services, to ensure the safety and security of Services, primarily of SciNote ELN, SciNote’s systems and applications and in protecting and enforcing SciNote’s rights and the rights of others.

Direct Marketing: For direct marketing purposes SciNote uses Account Details, Activity Data, Personal Data Collected Through Communication and Personal Data Received from Third Parties. Processing of Personal Data based on direct marketing purpose includes: communication regarding tips and tricks that help Users use the Services, educational content, invitations to events, market research, User engagement, providing feedback and loyalty programs, market research participation requests, segmentation, as well as promotional content like special offers and discounts or introduction of Plans or features SciNote believes might interest Users and Customers. The communication and communication channels might be different based on Personal Data SciNote processes about Users. For example, SciNote may provide Users with different educational content based on User’s Activity Data or send Users different use-cases based on their field of work/industry/Customer with which the User is associated with. Direct Marketing is performed on the legal basis of legitimate interest.

Complying with Legal Obligation: SciNote may process any of Personal Data when cooperating with authorities (supervisory authorities, inspectors, courts, investigators, etc.) in accordance with SciNote’s legal obligations under applicable laws, to the extent such cooperation requires the processing or disclosure of Personal Data to protect SciNote’s rights, or to the extent necessary for SciNote’s legitimate interest in protecting against misuse or abuse of Services, protecting personal property or safety, pursuing remedies available to SciNote and limiting damages, complying with judicial proceedings, court orders or legal processes, or to respond to lawful requests.

Community Management: SciNote may use certain third-party services to provide, maintain and manage the SciNote community platform. By singing in into the SciNote’s community platform, User’s Community Platform Personal Data will be processed by SciNote for the purpose of managing and maintaining the SciNote community platform, for moderating the community, for communication with Users etc. User’s must carefully read the any terms of use and any applicable privacy policies of the third-party service provider that provides the SciNote community platform, as they may be regarded as additional controllers of personal data of Users that use the SciNote community platform.

In the course of processing of Personal Data, SciNote may aggregate, analyse, or otherwise process Personal Data.

7. Duration of Personal Data Processing

SciNote will process the Personal Data as long as necessary for the purposes for which it was collected and/or is processed. The duration depends on the legal basis based on which the Personal Data is processed:

Legitimate Interests: SciNote will generally retain Personal Data processed on the basis of legitimate interest for a reasonable period of time based on the particular legitimate interest, taking into account the interests as well as rights and freedoms of Users as data subjects.

Consent: SciNote will retain the Personal Data processed based on consent until the User withdraws the consent.

Performance of a Contract: SciNote will generally retain Personal Data processed on the basis of performance of a Contract for the duration of the Contract plus some additional limited period of time after termination or expiry of the Contract that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship between SciNote and the Customer.

Legal Obligation: SciNote will generally retain Personal Data processed on the basis of complying with a legal obligation for the period of time necessary to fulfill the legal obligation.

SciNote reserves the right to retain Personal Data beyond the typical retention period in cases where SciNote faces threats of legal claims. In such cases the retention period will last until the claim or threat of claim has been resolved.

8. Categories of Recipients of Personal Data

SciNote process Personal Data with the help of our corporate affiliates, contractors, external service providers and consultants, as well as with the help of some third-party services and tools (jointly referred to as “Recipients”). SciNote will share Personal Data with the following categories of Recipients:

  • Recipients that provide services to SciNote, such as sales services, cloud infrastructure providers, data analytics providers, customer support service providers, IT security providers, legal, accounting and other professional service providers, etc.;
  • Recipients that are corporate affiliates of SciNote.

When a User decides to share its Personal Data with other Users, or invites Users to collaborate within SciNote ELN, recipients of Personal Data are also Users.

When SciNote is complying with a legal obligation the recipients of Personal Data may include supervisory authorities, inspectors, courts, investigators, etc.

9. Users Rights

Users from EEA and UK and other Users for whom GDPR applies have the following rights granted to them under GDPR (subject to certain limitations provided by law):

  • Right of Access (Article 15 of GDPR);
  • Right to Rectification (Article 16 of GDPR);
  • Right to Erasure (Article 17 of GDPR);
  • Right to Restriction of Processing (Article 18 of GDPR);
  • Right to Data Portability (Article 20 of GDPR), if applicable;
  • Right to Withdraw Consent (Article 7 of GDPR) at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • Right to Lodge a Complaint with a Supervisory Authority (Article 77 of GDPR).

If the exercise of these rights limits SciNote’s ability to process Personal Data (such as in the case of a Right to Erasure request), SciNote may no longer be able to provide the User with the Services.

10. Users – Residents of California

Users who are residents of California, may be able to exercise the following rights (subject to certain limitations provided by law):

  • Right to Know any or all of the following information relating to User’s Personal Information SciNote collected and disclosed in the last 12 months, upon verification of User’s identity:
    • Personal Data SciNote collected about the User;
    • categories of Personal Data SciNote collected about the User;
    • categories of sources of Personal Data;
    • categories of Personal Data that SciNote disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
    • categories of Personal Data SciNote has sold and the categories of third parties to whom the Personal Data was sold; and
    • business or commercial purposes for collecting or selling the Personal Data.
  • Right to Request Deletion of Personal Data SciNote collected from User, subject to certain exceptions.
  • Right to Opt Out of Personal Data sales to third parties now or in the future.

Users have the right to be free from discrimination for exercising these rights. However, please note that if the exercise of these rights limits SciNote’s ability to process Personal Data (such as in the case of a Right to Request Deletion request), SciNote may no longer be able to provide the User with the Services.

11. International Personal Data Transfers

SciNote is registered and operates primarily in the United States of America. By using the Services User’s Personal Data will be transferred to, stored, or processed in the United States of America (or in other countries where the privacy laws may not be as protective as those in User’s country) and maintained on computers or servers located outside of User’s state, province, country, or other jurisdiction where the privacy laws may not be as protective as those in User’s jurisdiction.

SciNote takes appropriate safeguards to ensure that User’s Personal Data remains protected in accordance with this Users Privacy Policy and applicable data protection laws, including but not limited to GDPR.

12. Security

SciNote employs technical, organizational and physical safeguards designed to protect the Personal Data under its control. However, security risk is inherent in all internet and information technologies, and SciNote cannot guarantee the absolute security of User’s Personal Data.

Users should impose measures to protect against unauthorized access to passwords and devices.

SciNote has the right to process Personal Data to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of the Services.

13. Updates to Users Privacy Policy

SciNote reserves the right to modify or replace any part of the Users Privacy Policy at any time. It is the User’s responsibility to check the Users Privacy Policy periodically for changes, whereas the current version will be available at:  https://www.scinote.net/legal/users-privacy-policy/. SciNote shall use its best efforts to communicate changes to Users by posting a notice on SciNote’s website, by sending Users an e-mail and/or by using other means of communication, prior to the changes becoming effective.

14. Definitions

If not defined differently in this Users Privacy Policy, the capitalized terms shall have the meaning defined with the Terms of Service.

“GDPR” means the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

“Terms of Service” means SciNote Terms of Service available at: https://www.scinote.net/legal/terms-of-service/, as amended from time to time.

“Personal Data” means personal data as defined by GDPR.

“Website Privacy Policy” means Website Privacy Policy available at: https://www.scinote.net/legal/website-privacy-policy/, as amended from time to time.