Last Updated 30 March 2021
The Review of Finance (RF) takes the privacy and security of your personal information seriously. As the official journal of the European Finance Association (EFA) we are based within the European Economic Area (EEA).
It is important that you read this Privacy Notice together with any other Privacy Notice or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements other notices and privacy policies and is not intended to override them.
RF is located at Passage du Nord 19, 1000 Brussels, Belgium, and is the “Data Controller” of your personal data processed under this Privacy Notice. As the Data Controller, the RF is ultimately responsible for the privacy and security of the personal data you give to us. In order to carry out our day-to-day activities, we work with a number of Data Processors and third party organisations, each of whom we have comprehensive agreements in place with, to ensure GDPR-compliant management of your information
Please review the information on this page to find out more about how we, and our Data Processors, collect, process, and store your data.
The data we need
We only collect basic personal data about you which does not include any sensitive or location-tracking information. We collect this information both directly and indirectly, as described below. The personal data we collect from you includes:
- Information you enter into Editorial Express (EE) including your name, email address, mailing address, title, and phone number. Please note that when you sign up for EE you also agree to their own terms and conditions governing the use of your information. This Privacy Notice only covers the use we at RF make of your information, and not the use made of it by EE, or by any of the other journals or organisations with whom they work, where you have agreed to this. Please review the section on ‘Your agreements with external organisations’ for more information.
- Information contained in emails, including your email address, if you contact us (including replying to an email we have sent to you) at email@example.com.
- Information contained in emails, including your email address, that you send to one or more of the journal’s editors (including replying to an email they have sent to you), whether directly, or through EE.
- The payment information provided by you, either by email, within PayPal, or through a Google Form, to allow us to make a payment to you. This payment information may take the form of bank details or an email address associated with your PayPal account.
- Information you provide on any form we ask you to fill out, for example, an Article Information Page in respect of an Accepted Manuscript (where you provide personal, rather than institutional, information).
Why we need it
We use your information in order to carry out the core activities of the Review of Finance. We set these activities out below. Unless otherwise stated, our lawful basis for processing your personal data for these purposes shall be our legitimate interest in conducting RF’s business:
- To contact you about a submission you have made to the RF.
- To contact you to request that you provide a referee report for the RF.
- To identify whether your research interests are suitable to ask you to provide a referee report for the RF.
- To respond to your questions or queries.
- To pay you for providing an on-time referee report.
- To refund or part-refund your manuscript submission fee.
- To provide detailed address information on payment invoices in accordance with EU regulations.
- To contact you about the RF’s annual awards, for example, the Best Paper Award, and the Distinguished Referee Awards.
- To provide you with important updates about the RF.
We do not process your personal data to make automated decisions (including profiling) that will have a significant or legal effect on you.
Who we share your data with
This section describes how we share your personal data with third parties. Unless stated otherwise, we share your personal data with such third parties on the basis of our legitimate interest in conducting RF’s business.
We predominantly access your information through EE. We use the information in EE to carry out the journal’s core activities, as described above.
Some of the information you provide in emails is shared with the journal’s editors, in order to allow them to receive information from you, correspond with you about a manuscript you have submitted, or about which you have written a referee report, and to respond to any queries you may have.
We use payment information you provide us with in order to make and receive payments and to generate invoices. We do this in order to fulfil contractual obligations to you.
We may occasionally use your data for analytical purposes, for example, to identify which countries’ submissions to the RF originate from. Any output from such activities that is shared beyond the RF team is always completely anonymised.
We will never use your data for marketing purposes and will never pass on your data on to third parties for marketing purposes.
We may also share your personal data with third parties in the following situations:
- If we are required to do so by law – for example, by a court order, or to prevent fraud or other crimes.
How long do we keep your data for, and how is it kept up-to-date?
We endeavour to make sure that we only keep your personal data for as long as we need to in order to carry out the RF’s activities, and to meet with legal, regulatory or other requirements.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, or other requirements.
If you have a query about how long we keep your personal data for, please contact us using the details set out in the “Contact us” section below.
Where your data is processed and stored
As a journal with authors and subscribers all over the world, it’s necessary for the RF to work with an international team of editors and support staff. The RF team is not based in one location, and consists of academic and administrative staff who need to be able to access your information wherever in the world they are working from. For this reason, the ability to process your data outside of the UK/EEA is necessary to the RF’s core activities.
Whenever we transfer your personal data out of the UK/EEA, and where such transfers are not subject to exemptions or derogations under data protection law, we ensure a similar degree of protection is afforded to it. In doing so, we ensure at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- Where we share your personal data with certain third parties (including service providers), we may use specific contracts approved for use in the UK/EEA which give personal data the same protection it has in the UK/EEA.
If you would like further information on how we transfer your personal data out of the UK/EEA, please contact us using the details set out in the “Contact us” section below.
Your agreements with other organisations
In some cases, while interacting with the RF, you will also have agreed to separate terms and conditions with one of our Data Processors or another third party – for example Editorial Express, PayPal or Google.
This Privacy Notice does not override any agreements you may make with any other organisation, and the RF is not responsible for any use that is made of your personal information by another organisation. We recommend that you check the privacy notices of such third parties, if you would like to know more about how they process your data.
In any situation where interacting with the RF requires you to also agree to another organisation’s terms and conditions, please review them carefully to ensure you are happy with them. If you are ever not satisfied with the terms and conditions offered by one of our Data Processors or third party partners, please contact us at firstname.lastname@example.org and we will do our best to provide another means by which you can work with us. Please note that unfortunately this will not be possible in all situations, but we will always do our best to find an alternative solution.
Your data rights
Under certain circumstances, you have the following rights under data protection law in relation to your personal data:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us using the details set out in the “Contact us” section below.
Your right to complain
You also have a right to complain to the UK Information Commissioner’s Office by visiting www.ico.org.uk or to the data protection regulator in the country where you live or work. We would, however, welcome the opportunity to deal with your complaint before you do so. If you have any queries in relation to how we process your data, please contact us using the details set out in the “Contact us” section below.
Changes to this policy
We may change this Privacy Notice from time to time, and any changes will apply to you and your data effective immediately. Each time the Privacy Notice is updated the Review of Finance will publish the updated version on its website http://revfin.org/.
If these changes affect how your personal data is processed, we will take reasonable steps to let you know.
If you would like to contact us to discuss our use of your data, please email us at email@example.com.