Last Updated 2 November 2020
The Review of Finance (RF) takes the privacy and security of your personal information seriously. As the official journal of the European Finance Association (EFA) we are based within the European Economic Area (EEA). Our data processing and storage protocols are therefore compliant with the General Data Protection Regulation (GDPR).
As the Data Controller, the RF is ultimately responsible for the privacy and security of the personal information you give to us. In order to carry out our day-to-day activities, we work with a number of Data Processors and third party organisations, each of whom we have comprehensive agreements in place with, to ensure GDPR-compliant management of your information.
Please review the information on this page to find out more about how we, and our Data Processors, collect, process, and store your data.
The data we need
We only collect basic personal data about you which does not include any sensitive or location-tracking information. We collect this information both directly and indirectly, as described below. The personal data we collect from you includes:
- Information you enter into Editorial Express (EE) including your name, email address, mailing address, title, and phone number. This information is only considered ‘personal’ where the information provided is private/residential, as opposed to an address, phone number or email address related to your institution.
Please note that when you sign up for EE you also agree to their own terms and conditions governing the use of your information. This Privacy Notice only covers the use we at RF make of your information, and not the use made of it by EE, or by any of the other journals or organisations with whom they work, where you have agreed to this. Please review the section on ‘Your agreements with external organisations’ for more information.
- Information contained in emails, including your email address, if you contact us (including replying to an email we have sent to you) at email@example.com.
- The payment information provided by you, either by email, within PayPal, or through a Google Form, to allow us to make a payment to you. This payment information may take the form of bank details or an email address associated with your PayPal account.
- Information you provide on any form we ask you to fill out, for example, an Article Information Page in respect of an Accepted Manuscript (where you provide personal, rather than institutional, information).
Why we need it
We use your information in order to carry out the core activities of the Review of Finance, for example:
- To contact you about a submission you have made to the RF.
- To contact you to request that you provide a referee report for the RF.
- To identify whether your research interests are suitable to ask you to provide a referee report for the RF.
- To respond to your questions or queries.
- To pay you for providing an on-time referee report.
- To refund or part-refund your manuscript submission fee.
- To provide detailed address information on payment invoices in accordance with EU regulations.
- To contact you about the RF’s annual awards, for example, the Best Paper Award, and the Distinguished Referee Awards.
- To provide you with important updates about the RF.
What we do with your data
We predominantly access your information through EE. We use the information in EE to carry out the journal’s core activities, as described above.
We use payment information you provide us with in order to make and receive payments and to generate invoices.
We may occasionally use your data for analytical purposes, for example, to identify which countries submissions to the RF originate from. Any output from such activities that is shared beyond the RF team is always completely anonymised.
We will never use your data for marketing purposes and will never pass on your data on to third parties for marketing purposes.
We will share your data if we are required to do so by law – for example, by a court order, or to prevent fraud or other crimes.
How long do we keep your data for, and how is it kept up-to-date?
We endeavour to make sure that we only keep your personal information for as long as we need to in order to carry out the RF’s activities, and to meet with legal and regulatory requirements.
Personal information in Editorial Express (EE) is stored indefinitely (as described in their own terms and conditions), unless you request them to delete it. This is in order that we can identify suitable referees to provide reports, as well as to contact authors about previously submitted papers. It is important to us that the information in EE is up-to-date. We, therefore, request that you periodically check whether the information is accurate, in particular, if you move to a new institution, or if your contact information changes. You can check and update any inaccuracies by logging into EE and changing the information in your profile. If you cannot remember your login details, please contact EE on firstname.lastname@example.org.
Information provided in emails will be archived after three years, and permanently deleted after seven. This is to ensure a complete record of all manuscripts submitted and all related correspondence. For example, sometimes authors are given revise-and-resubmit decisions but are unable to revise the paper for several years and so the paper has been assigned to a new Editor; this allows him/her to see the prior correspondence on the manuscript.
Payment information provided by you via our Referee Payment Form is deleted within a month of us processing your payment, except where you have let us know that you would like us to store it indefinitely to facilitate future payments. You can change this preference at any time by emailing us at email@example.com. Please note that this deletion policy does not include transaction records, since these are required by law to be kept for at least seven years for audit purposes, as explained above.
Where your data is processed and stored
As a journal with authors and subscribers all over the world, it’s necessary for the RF to work with an international team of editors and support staff. The RF team is not based in one location, and consists of academic and administrative staff who need to be able to access your information wherever in the world they are working from. For this reason, the ability to process your data outside of the EEA is necessary to the RF’s core activities. Where possible, we aim to ensure that such processing always takes place in the cloud, and that data is not physically stored on servers outside the EEA, except where covered by the EU-U.S. Privacy Shield, which guarantees compliance with GDPR regulations, or where you are given multiple options regarding how to interact with us (at least one of which does not require data transfer out of the EEA). More information is provided below.
Your data is predominantly stored and accessed in the EE database. EE’s servers are based in the United States, protected to GDPR-compliant standards under the EU-U.S. Privacy Shield Framework. If you want to view or update the information currently stored in the EE database, you can do this by logging into your account, or by contacting them on firstname.lastname@example.org.
PayPal uses a network of servers, some of which are located outside the EEA. While PayPal is the easiest way for us to make and receive payments, we understand that some authors and referees may not be comfortable with their payment information being transferred outside the EEA. If you are based in the EEA and do not want to use PayPal to send or receive money from us, please contact us at email@example.com and we will propose alternative options.
In addition to PayPal, we also use KBC Brussels bank. KBC Brussels is based in the EEA and is fully compliant with GDPR.
Information you provide to us via email, or by a Google-generated form (i.e. the Referee Payment Form) is stored in Google Workspace’s cloud servers, which are located inside the EEA.
Your agreements with other organisations
In some cases, while interacting with the RF, you will also have agreed to separate terms and conditions with one of our Data Processors or another third party – for example Editorial Express, PayPal or Google.
In any situation where interacting with the RF requires you to also agree to another organisation’s terms and conditions, please review them carefully to ensure you are happy with them. If you are ever not satisfied with the terms and conditions offered by one of our Data Processors or third party partners, please contact us at firstname.lastname@example.org and we will do our best to provide another means by which you can work with us. Please note that unfortunately this will not be possible in all situations, but we will always do our best to find an alternative solution.
Changes to this policy
If these changes affect how your personal data is processed, we will take reasonable steps to let you know.
If you would like to contact us to discuss our use of your data, please email us at email@example.com.