Privacy Policy

This is the privacy policy (“policy”) for the website (Cureus Clones) which is run and provided by Springer Science + Business Media LLC

Email: cureus-support@springernature.com (we, us and our).

We will only use the personal data gathered over this website as set out in this policy. Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what control and information rights you may have.

I. Summary of our processing activities

The following summary provides you with a quick overview of the processing activities that are undertaken on our website. You will find more detailed information under the indicated sections below.

When you visit our website for informational reasons without setting up an account, only limited personal data will be processed to provide you with the website itself (see section III).

  • In case you register for one our services or subscribe to our newsletter, further personal data will be processed in the scope of such services (see sections IV, V and VI).
  • Furthermore, your personal data will be used to provide you with interesting advertising for our services and products (see section VIII) and for statistical analysis that helps us to improve our website (see section IX). Additionally, we improve your website experience with third party content (see section X).
  • Your personal data may be disclosed to third parties (see section XI) that might be located outside your country of residence; potentially, different data protection standards may apply (see section XII).
  • We have implemented appropriate safeguards to secure your personal data (see section XIII) and retain your personal data only as long as necessary (see section XIV).
  • Under the legislation applicable to you, you may be entitled to exercise certain rights with regard to the processing of your personal data (see section XV).

II. Definitions

  • Personal data: means any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier.
  • Processing: means any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or any kind of disclosure or other use.

III. Informational use of the website

When you visit our website for informational reasons, i.e. without registering for any of our provided services listed under IV and without providing us with personal data in any other form, we may automatically collect additional information about you which will contain personal data only in limited cases and which is automatically recognised by our server, such as:

  • the website from which you have been directed to our offer
  • the date and time of your requests
  • your device type, screen resolution and browser version
  • your internet service provider
  • information on your operating system, including language settings
  • information on the offers you have visited on our website

We use such information only to assist us in providing an effective service (e.g. to adapt our website to the needs of your device or to allow you to log in to our website), and to collect broad demographic information for anonymised, aggregated use.

The personal data automatically collected is necessary for us to provide the website, Article 6 sec. 1 sent. 1 lit. b GDPR, and for our legitimate interest to guarantee the website’s stability and security, Article 6 sec. 1 sent. 1 lit. f GDPR.

Personal data that is collected automatically is anonymized immediately and any personally identifiable information is properly erased.

IV. Registration for our services

Our website offers content and the option to obtain newsletters and special author services. In order to use the aforementioned services you have to set up an account. With regard to the registration of an account and its subsequent use, we process:

  • Information (such as your name and email address) that is provided by registration
  • Information in connection with an account sign-in facility (e.g. log-in and password details)
  • Communications sent by you (e.g. via e-mail or website communication forms)

Whenever you complete transactions using our website, e.g. requesting a newsletter, further data processing processes may take place, of which you will of course be separately informed.

We will process the personal data you provide to:

  • Identify you at sign-in
  • Provide you with the services and information offered through the website or which you request
  • Administer your account
  • Communicate with you
  • (behavioural) Advertising and profiling

For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR

The use of your personal data for behavioural advertising and profiling is done for the legitimate interest to improve your experience while using the website, Article 6 sec. 1 sent. 1 lit. f GDPR.]

Your personal data is, in the absence of exceptions within the specific services mentioned below, retained for as long as your user account is used. After deletion of your account, your personal data will be blocked and erased with the next database clean up. Statutory storage obligations or the need for legal actions that may arise from misconduct within the services or payment problems can lead to a longer retention of your personal data. In this case, we will inform you accordingly.

V. Information about the specific uses that require registration/identification

For the use of the following services you have to set up an account as described under IV. Your customer account retains your personal data for future purchases and other activity. You can delete the personal data as well as the account in your account’s settings. This processing is based on Article 6 sec. 1 sent. 1 lit. b.]

  1. Online transactions

    By statutory law we are required to retain the provided financial data in relation to transactions (including address, payment and order information) for ten years. However, after 2 years we will restrict the processing of your personal data to comply with the statutory requirements and will not process the personal data any further. To delete or deactivate an account please contact Customer Service (customerservice@springernature.com). Regarding this, the retention of your personal data is based on Article 6 sec. 1 sent. 1 lit. c GDPR.

  2. Author services

    If you use the author services the required data are retained for the duration of the process plus a security period. Regarding this, the retention of your personal data is based on Article 6 sec. 1 sent. 1 lit. b GDPR.

    If you have qualified for an author discount for purchasing, the retention periods of the purchasing platform are applicable (see above).

  3. Customer service

    If you contact us by either

    • e-mail or physical mail
    • telephone or fax
    • Chat/messaging support
    • through a website communication or submission form

    we will process the personal data you provide to process and fulfil your request. For this, the legal basis is Article 6 sec. 1 sent. 1 lit. a and b GDPR.

    To provide the requested service your data may be stored in a ticketing system and/or on a support platform to enable data access by the relevant customer support team member. Where appropriate the data will also be forwarded to a different team to fulfil the request (e.g. to update your data) or be used on physical data records, e.g. invoices. We may use generative AI to support us in providing the response or service requested; any output is subject to human oversight before being used.

    We do not process any sensitive data unless provided by you because you e.g. need support in coping with access issues due to a disability or reveal any protected characteristics during communication. For this, the legal basis is Article 6 sec. 1 sent. 1 lit. a GDPR. We share anonymous, aggregated data within the business. We forward emails internally, or provide access to tickets for other teams to e.g. share positive feedback with a stakeholder, or for review by internal teams seeking to improve the products and services. For this the legal basis is Article 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to improve our service quality and provide tailored solutions to the customers.

    We store your data until completion of the request and, if applicable, as long as required by statutory retention requirements (e.g. for 3 years after completion to prove adequate handling of service requests or subject access requests made under the GDPR).

  4. Other services

    To provide the other functionality we need your log-in data to identify you and to provide the stored results. Other personal data are not collected or stored.

VI. Newsletter

With your email address you can subscribe to our newsletter that provides you with the latest news about our products and services if you consent to receiving such newsletters and may also contain topic-specific advertisements. The legal basis for this processing is Article 6 sec. 1 sent. 1 lit. a GDPR. Your email address will be retained as long as you subscribe to our newsletter.

This service is provided for registered users only (see section IV), you can also complete registration during ordering of a newsletter if you did not hold an account before.

You can unsubscribe from this service by opting out via the link provided in each newsletter.

VII. Automated decision making

We do not use your personal data for automated decision making which produces legal effects concerning you or similarly significantly affects you.

VIII. Online advertising

This website uses the online advertising services to present you with ads that meet your interests. Respective advertisement is labelled with the name of the provider, e.g. “Google-Ad”. Additionally, this service helps us to improve our website and to make your visit more interesting. In order to do so, we collect statistical information about you that will be processed by the provider. This processing is based on Article 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to improve your website experience and to promote our products and services.

  1. Cookies, Web-beacons

    Providers will be automatically informed about your visit on our website. For such purpose, a web beacon is used to place a cookie on your computer.

    Please note that we neither have the control of the extent of personal data that is collected by the respective plug-in provider nor do we know the processing’s purpose or the period your personal data will be retained. Depending on the provider your personal data may be transferred to and processed in third countries, e.g. the United States. For further information about the potential risks of a cross border data transfer please refer to section XII.

    It is possible that a provider discloses your personal data to its business partners, third parties or authorities.

    You can prevent the installation of such a cookie

    • by a respective setting of your browser that blocks the installation of third party cookies,
    • by deactivating the provider’s interest-related advertising under the link mentioned in the provider details below,
    • or generally blocking cookies under e.g http://www.google.com/settings/ads/plugin

    Further information about the processing of your personal data in the provider’s course of operation is provided by its privacy policy. Moreover, you will be provided with further information with regard to your rights and settings concerning privacy. You can access the provider’s privacy policy by following the link in the provider details below.

  2. Criteo

    We use the Criteo-Service to advertise on our site and third party websites to previous visitors of our site. Criteo-Service is operated by Criteo SA, Rue Blanche, 75009, Paris, France http://www.criteo.com

    The advertisements are displayed on the basis of information that is stored in cookies which Criteo places on your computer. The text files include information, on your visit of our website, in particular product views that is read-out in the course of subsequent visits of this or third party websites for specific product recommendations. The cookie includes a random alias. In case you visit our website within a certain period of time and view our products, Criteo is able to recognize you by means of the alias. However, the information cannot be attributed to you personally. We or Criteo will not merge this information with your personal data and will not disclose any of your personal data to any third party. You can prevent the storing and using of information in a cookie placed by Criteo by clicking on the following link http://www.criteo.com/en/privacy-policy and using the controller next to “Opt-Out” by switching it to “ON”.

    When you opt-out, a new cookie (Opt-Out-Cookie) is placed in your web browser that tells Criteo to cease data collection from and ad delivery to your browser. You can opt-in to Criteo’s ads again at any time by switching the controller to “OFF”. Please be aware that this configuration will be necessary for each of your browsers. In case all of your cookies in a browser are deleted, also the Opt-Out-Cookie of Criteo will be affected.

  3. Google Adwords

    We use Google Adwords to advertise on our site and third party websites to previous visitors of our site. Google Adwords is provided by Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

    The advertisements are displayed on the basis of information that is stored in cookies which Google places on your computer. The text files include information, on your visit of our website, in particular product views that is read-out in the course of subsequent visits of this or third party websites for specific product recommendations. The cookie includes a random alias. In case you visit our website within a certain period of time and view our products, Google is able to recognize you by means of the alias. However, the information cannot be attributed to you personally. We or Google will not merge this information with your personal data and will not disclose any of your personal data to any third party. You can prevent the storing and using of information in a cookie placed by Google by clicking on the following link http://www.google.de/ads/preferences and configuring your preferences there.

    For more information about Google privacy policies see https://privacy.google.com/intl/en/# and https://www.google.com/policies/privacy/?hl=en

  4. Microsoft Bing Ads

    We use Bing Ads to advertise on our site and third party websites to previous visitors of our site. Bing Ads is provided by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. Phone: (+1) 425-882-8080 (“Microsoft”).

    The advertisements are displayed on the basis of information that is stored in cookies which Microsoft places on your computer. The text files include information, on your visit of our website, in particular product views that is read-out in the course of subsequent visits of this or third party websites for specific product recommendations. The cookie includes a random alias. In case you visit our website within a certain period of time and view our products, Microsoft is able to recognize you by means of the alias. However, the information cannot be attributed to you personally. We or Microsoft will not merge this information with your personal data and will not disclose any of your personal data to any third party.

    You can prevent being tracked by choosing the appropriate preference in the privacy options of your browser or disable cookies. For more information about Bing Ads security see https://secure.bingads.microsoft.com/. For more information about Microsoft privacy policies see https://privacy.microsoft.com/de-de/privacystatement# or contact the data controller office Microsoft Ireland Operations, Ltd., Attn: Data Protection, Carmenhall Road, Sandyford, Dublin 18, Irland.

  5. Adroll

    We use Adroll to advertise on our site and third party websites to previous visitors of our site. Adroll is provided by Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

    The advertisements are displayed on the basis of information that is stored in cookies which Adroll places on your computer. The text files include information, on your visit of our website, in particular product views that is read-out in the course of subsequent visits of this or third party websites for specific product recommendations. The cookie includes a random alias. In case you visit our website within a certain period of time and view our products, Adroll is able to recognize you by means of the alias. However, the information cannot be attributed to you personally. We or Adroll will not merge this information with your personal data and will not disclose any of your personal data to any third party.

    Adroll adheres to the European Interactive Advertising Digital Alliance (EDAA) guidelines and you can prevent the storing and using of information in a cookie placed by by clicking on the following link http://www.youronlinechoices.com/ and configuring your preferences there.

    For more information about Adroll privacy policies see https://www.adroll.com/en-IE/about/privacy and https://www.adroll.com/en-IE/about/trust-center

  6. Baynote

    We use Baynote to advertise on our site and third party websites to previous visitors of our site. Baynote is provided by KIBO Software Inc., 717 North Harwood St. STE. 1900 Dallas, TX 75201, US (“Kibo”).

    The advertisements are displayed on the basis of information that is stored in cookies which Kibo places on your computer. The text files include information, on your visit of our website, in particular product views that is read-out in the course of subsequent visits of this or third party websites for specific product recommendations. The cookie includes a random alias. In case you visit our website within a certain period of time and view our products, Kibo is able to recognize you by means of the alias. However, the information cannot be attributed to you personally. We or Kibo will not merge this information with your personal data and will not disclose any of your personal data to any third party.

    You can prevent being tracked by choosing the appropriate preference in the privacy options of your browser or disable cookies. For more information about Kibo privacy policies see https://kibocommerce.com/privacy

  7. CJ Affiliate (former Commission Junction)

    We use affiliate networks operated by CJ (https://www.cj.com). Whenever you are referred to our website by an advertisement on a website that is part of these affiliate networks (affiliate), the fact that you are coming from that website will be recorded. For this purpose, the respective company will set a cookie. If you make a purchase on our website or revisit our website within a certain period of time, the respective companies will be able to recognize you and attribute any purchases you make to the affiliate. A random pseudonym will be used so that this information cannot be linked to you personally. We will not combine this information with your personal data nor forward any personal data on you to third parties.

    You can prevent being tracked by choosing the appropriate preference in the privacy options of your browser or disable cookies or delete the cookie.

  8. Google AdWords Remarketing and Facebook Custom Audience

    In this Website, we use the remarketing or “Similar audiences” feature of AdWords offered by Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, hereinafter referred to as “Google”.

    Google uses Cookies/tracking technologies, i.e., text files that are stored on your computer and that allow us to analyze your use of our Website. Information generated by Cookies/tracking technology on your use of this Website (including your IP address) will be transferred to a Google server in the U.S. and stored on that server. After that, that last three digits of the IP address will be deleted by Google so that it is no longer possible to clearly match this IP address with personal data. Google will use this information to analyze your use of the Website, to create website activity reports for the website operators and to provide additional services in connection with the use of the Website and the Internet. Furthermore, Google may transfer this information to third parties, if it is required to do so in accordance with statutory provisions or if third parties process data on behalf of Google.

    Third party providers, including Google, place advertisements on websites on the Internet. Third party providers, including Google, use stored Cookies/tracking information to place advertisements based on previous visits of a user on this Website.

    For additional information on the anonymous analysis of your search behavior please refer to:

    You may object to data collection and storage for the purpose of remarketing at any time - this objection will be effective for the future, but not retroactively - by deactivating interest-based advertising in Google or by deactivating the services on the website of the Network Advertising Initiative. Note: in that case, you may not be able to use all features of this Website anymore. By using this Website, you grant your consent to the processing of data collected about you by Google in the manner and for the purpose described above.

    Furthermore, this Website uses retargeting tags and Custom Audience of Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304 U.S., hereinafter referred to as “Facebook”.

    When you visit our web pages, remarketing tags will build a direct connection between your browser and the Facebook server. This way, Facebook learns that you have visited our web page with your IP address. This will enable Facebook to match your visit of our pages with your user account. The information obtained this way can be used to display Facebook ads. Please note that we as the provider of the web pages do not receive any information on the contents of data transferred and their use by Facebook.

    With regard to the use of Custom Audience we would like to point out that Facebook and third parties use cookies, web beacons or similar technologies to collect or gather information on this Website. Based on the data gained we can make our Facebook activities more efficient and, e.g., arrange for contents or ads to be shown only to visitors of our Website. The data collected this way will encrypted and transferred to Facebook and is anonymous for us, e.g., we cannot see personal data of individual users.

    For further information on the privacy policy of Facebook and Custom Audience please refer to

    If you do not wish your data to be collected via Custom Audience, you can deactivate Custom Audience using this link.

  9. SAP Marketing Cloud (SMC)

    SMC uses cookies, Google Analytics, and a pseudonymized user ID to aggregate user behaviour on the website and in emails in order to personalize the content that is provided to newsletter subscribers. Google Analytics does not receive individual email addresses or other personal data, only a number. That number can only be connected to a specific user on Springer Nature's own SMC system. The legal basis for this process is your consent to the use of cookies on our website (Article 6 sec. 1 sent. 1 lit. a GDPR.). You can always unsubscribe from this process by rejecting the cookies that measure website use.

  10. Hotjar

    Hotjar is a behaviour and analytics software provided by Hotjar LTD, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta.

    We use Hotjar in order to better understand our users’ needs and to optimize our service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices and may include recording of sample behaviours. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. The legal basis for this processing is Art. 6 sec. 1 sent. 1 lit. a GDPR and reflects your consent to non-essential cookies.

IX. Analysis

For statistical analyses we use web analytics services to collect information about the use of this site.

  1. General tracking information

    The tools collect information such as

    • Device and browser information (operating system information, Mobile device identifier, mobile operating system, etc.)
    • IP address
    • Page accessed, URL click stream (the chronological order of our internet sites you visited)
    • Geographic location
    • Time of visit
    • Referring site, application, or service

    We use the information we get from the providers only to determine the most useful information you are looking for, and to improve and optimise this website. We do not combine the information collected through the use of the tools with personal data.

    Depending on the provider the information generated about your use of the website may be transferred to and processed in third countries, e.g. the United States. For further information about the potential risks of a cross border data transfer please refer to section XII. The tools collect only the IP address assigned to you on the date you visit this site, rather than your name or any other identifying information. The provider will use this information in order to evaluate your use of the website, to compile reports on website activities and to provide other services relating to website and internet use to us.

    The legal basis for this processing is Art. 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to analyse our website’s traffic to improve the user’s experience and to optimise the website in general.

  2. Google Analytics / Google Tag Manager

    We use Google Analytics, a web analytics service provided by Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). On our behalf Google will use the information generated by a cookie for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet activity in connection with the use of the website.

    We have activated the IP-anonymisation within the Google Analytics service, and your IP address will be truncated within the area of member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. The IP-address your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google.

    You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this website. In addition to that you may prevent the collection of the information generated by the cookie about your use of the website (including you IP address) and the processing of this data by Google if you download and install the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout

  3. Opt Out

    You maintain at all times the right to completely disallow the collection and saving of your data. To do so, please click here

X.Third party content and social media plug-ins

This website may contain links to third party websites. We are not responsible for the content and the data collection on respective third party websites; please check the privacy policy of respective websites for information of respective websites’ data processing activities.

  1. Social media plug-ins

    We use the following social media plug-ins: Facebook, Google+, Twitter. This allows you to communicate with such services and like or comment from our website. Social media plug-ins enable a direct communication between your device and the servers of the social media provider, allowing the social media provider to communicate with you and collect information about you browsing our website. This processing is based on Article 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to improve your website experience and to optimise our services.

    Transfer of personal data takes places whether you have an account with the provider or not.

    Please note that we neither have the control of the extent of personal data that is collected by the respective plug-in provider nor do we know the processing’s purpose or the period your personal data will be retained.

    Further information about the processing of your personal data in the provider’s course of operation is provided via their respective privacy policy. Moreover, you will be provided with further information with regard to your rights and setting concerning privacy.

    1. Facebook Social Plugins

      We use so-called social plugins ("plugins") of the social networking site facebook.com provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins can be identified by one of Facebook’s logos (white “f” on blue tile or a “thumps-up”-sign) or by the additional text “Facebook Social Plugin”. The list of Facebook Social Plugins and their appearance can be accessed via: http://developers.facebook.com/plugins.

      If a user visits one of the websites using such a plugin, the user’s browser directly connects to Facebook’s servers. The plugin and its content are made available directly on Facebook’s servers and included in the website by the user’s browser.

      Due to the integration of the plugin Facebook collects the information that a user is visiting the corresponding website. If the user is logged in on Facebook at the moment he or she visits the website, Facebook may be able to connect the visit on the website to the user’s Facebook account. If the user interacts with the plugin – for example if he or she presses the like button or comments on something – the user’s browser transmits this information to Facebook. Facebook stores this information. If a user is not a member of Facebook, Facebook may collect and store the user’s IP-address. Facebook states that it only collects anonymized IP-addresses in Germany.

      The reason for and scope of the data acquisition and information about the way in which the data is processed and used by Facebook, as well as the user’s rights in this respect and settings options for protecting the users privacy can be found under: http://www.facebook.com/policy.php.

      If the user is a member of Facebook and does not wish Facebook to collect personal data via this homepage and to link this with his data stored on Facebook, the user needs to log off from Facebook before going to this homepage.

      The user may also block Facebook’s plugins using add-ons for the user’s browser, for example the "Facebook Blocker".

    2. Google’s +1-button

      We use the “+1”-button of the social network Google Plus provided by Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The button is market using the sign “+1” on a white or colored background.

      If a user visits one of the websites using such a button, the user’s browser directly connects to Google’s servers. The “+1”-button and its content are loaded directly from Google’s servers and included in the website by the user’s browser. According to Google’s statements, personal data is only collected, if a user that is a Google Plus member and logged in on the network at the time of clicking on the “+1”-button.

      The reason for and scope of the data acquisition and information about the way in which the data is processed and used by Google, as well as the user’s rights in this respect and settings options for protecting the users privacy can be found in Google’s privacy statement relating to the “+1”-button: http://www.google.com/intl/de/+/policy/+1button.html.

    3. Twitter

      We use the twitter-button. The button is provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. (“Twitter”) The buttons are marked using the text “Twitter” or “Follow” and a stylized blue bird. The button enables the user to share an article or a website of this homepage on Twitter or to follow the provider on Twitter.

      If a user visits one of the websites using such a button, the user’s browser directly connects to Twitter’s servers. The Twitter-button and its content are loaded directly from Twitter’s servers and included in the website by the user’s browser. According to the provider’s knowledge, Twitter collects the user IP-address and the website’s URL when the button is loaded from Twitter’s servers. However, this data is only be used for loading and displaying the Twitter-button.

      Further information can be found in Twitter’s privacy statement under: https://twitter.com/privacy.

      Should you have any questions regarding our privacy policy, please contact us via the e-mail address dataprotection@springer.com.

XI. Information sharing

Where personal data is disclosed to third parties for the purposes mentioned above the legal basis for the transfer of your personal data is Article 6 sec. 1 sent. 1 lit. b and f GDPR. Some of the recipients may reside outside the EEA. For further information about cross border transfer in general and transfers outside of the EEA see section on Cross border data transfers.

We may disclose your personal data to contractors/data processors who assist us in providing the services we offer through the website. Such a transfer will be based on data processing agreements (Art. 28 GDPR). Therefore, our contractors will only use your personal data to the extent necessary to perform their functions and will be contractually bound to process your personal data only on our behalf and in compliance with our requests.

In the event that we undergo re-organisation or are sold to a third party, any personal data we hold about you may be transferred to that re-organised entity or third party in compliance with applicable law.

We may disclose your personal data if legally entitled or required to do so (for example if required by law or by a court order). The legal basis for this will be Article 6 sec. 1 sent. 1 lit. c GDPR (in conjunction with the respective national law).

  1. Peer Review and Author Services

    In the course of providing our peer review services, your data may be accessed by different members of the editorial team such as editors and assistant to the editorial office. To determine the locations of the Editorial board members, you may refer to a journal’s homepage. Granting access to your personal data and the respective processing activity will be based on our and the legitimate interest of the respective society publishing the Journal in successfully publishing high quality articles and papers and ensuring the quality and significance of the respective research published in our journals, products and databases, Article 6 sec. 1 sent. 1 lit. f GDPR. In order to do so we and/or the respective society may process your personal data to find, contact and evaluate suitable and qualified peer reviewers within the relevant research community.

    Your personal data will be transferred to and processed inside and outside of the EEA. For further information on cross border data transfer, please refer to section on Cross border data transfers.

    As an author we’ll share your personal data with third parties, like your institution or employer. This is required to manage and approve payment of associated Preferred Editing (PE) Fee in order to fulfill the publication of your manuscript. The legal basis is Art. 6 (1) 1 lit. b GDPR.

    By submitting your article for consideration, you acknowledge that if you are recognised as affiliated to an institution or funder with a Springer Nature open access agreement, your name and contact details may be shared with a representative from that institution or funder in order for us to verify whether they agree to cover, in full or in part, the Preferred Editing (PE) fee that is payable upon initial acceptance of submitted articles. For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR, to fulfil our contractual obligations to you.

    Should you choose not to follow the open access route to publication we may still share your personal data with the institution or funder you’re affiliated with. Importantly we will only do this post publication to ensure there’s no bearing on the evaluation of your submission prior to acceptance. The legal basis to share your data in this instance is Article 6 sec. 1 sent. 1 lit. f GDPR, our legitimate interest to develop and improve our open access program to the benefit of authors and the scientific community generally.

    Customer service, administrative, operational and systems support is provided by other entities of the Springer Nature Group and third party contractors (together “Contractors”). We may disclose your personal data to Contractors who assist us in providing the services we offer through the Submission and Peer Review System. Such a transfer will be based on data processing agreements in accordance with Article 28 of the GDPR. Therefore, our Contractors will only use your personal data to the extent necessary to perform their functions and will be contractually bound to process your personal data only on our behalf and in compliance with our requests. Further services, provided by third party technology and service providers, are similarly bound by data processing agreements.

  2. Usage Reports

    We may disclose anonymous aggregate statistics about users of the website in order to describe our services to prospective partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics will include no personal data. We also supply standardized usage reports to institutional customers, also known as Counter Reports.

    For more information on Counter Reports - https://www.projectcounter.org/code-of-practice-sections/usage-reports/

    In addition to the above mentioned anonymous reports and by special arrangement:

    When you read research journals and eBooks or use database products, we will process your personal data to create usage reports. For journals and eBooks this will include your full text HTML and PDF downloads, your IP address and potentially your email address. This data is necessary for the usage report as it provides information on the usage and overall interest in a particular journal or group of journals or eBooks.

    The legal basis is Art. 6 (1) 1 lit. f GDPR. We have a legitimate interest to assess and evaluate the use of our content to be able to improve our services. We will retain this data securely for ongoing internal analysis and future reference.

    We may share the usage data with licensee under whose license you are accessing and using our services, (e.g. your employer, the institution you are a member to, your university etc. “Licensee”). The legal basis is Art. 6 (1) 1 lit. f GDPR. The Licensee has a legitimate interest in using the usage data to assess and evaluate the economic efficiency of its license for our content. Based on this evaluation, the Licensee will be able to determine e.g. the necessity to obtain more licenses or reduce the number of licenses or to allocate costs internally. Further, the usage data may allow the Licensee to request contributions or funding. The Licensee is contractually limited to use using the usage data for no other purposes than these economic efficiency assessment purposes.

    In addition, we ourselves have a legitimate interest in enabling the Licensee to use the usage data to conduct respective evaluation and assessments is also in our interest as it makes our service more attractive for the Licensees.

    If the Licensee resides outside the EEA, the transfer is safeguarded by a Commission’s adequacy decision or EU Standard Contractual Clauses. You can find further information about the aforementioned safeguards by contacting onlineservice@springernature.com.

    You may object to the transfer of the usage data to the Licensee at any time without reason by sending an email to onlineservice@springernature.com.

XII. Cross border data transfers

Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries (including countries outside the EEA) which may have different data protection standards from your country of residence. Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable measures to maintain an adequate level of data protection when sharing your personal data with such countries.

In the case of a transfer outside of the EEA, this transfer is safeguarded by EU Model Clauses. You can find further information about the aforementioned safeguards by contacting the Group Data Protection Officer via dataprotection@springer.com

XIII. Security

We have reasonable state of the art security measures in place to protect against the loss, misuse and alteration of personal data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our website whilst it is in transit over the internet and any such submission is at your own risk.

XIV. Data retention

We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.

XV. Your rights

Under the legislation applicable to you, you may be entitled to exercise some or all of the following rights:

  1. require (i) information as to whether your personal data is retained and (ii) access to and/or duplicates of your personal data retained, including the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retention periods;
  2. request rectification, removal or restriction of your personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn;
  3. refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;
  4. object, on grounds relating to your particular situation, that your personal data shall be subject to a processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your personal data or present you our compelling legitimate grounds for an ongoing processing;
  5. take legal actions in relation to any potential breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators;
  6. require (i) to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller; and/or
  7. not to be subject to any automated decision making, including profiling (automatic decisions based on data processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on you or affects you with similar significance.

You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting us using the contact details set out below.

XVI. Contacting us

Please submit any questions, concerns or comments you have about this privacy policy or any requests concerning your personal data by email to our Group Data Protection Officer. You can contact our Group Data Protection Officer via dataprotection@springer.com.

The information you provide when contacting us ( cureus-support@springernature.com ) will be processed to handle your request and will be erased when your request is completed. Alternatively, we will restrict the processing of the respective information in accordance with statutory retention requirements.

XVII. Amendments to this policy

We reserve the right to change this policy from time to time by updating our website respectively. Please visit the website regularly and check our respective current privacy policy. This policy was last updated on 2 March 2024



For using Google’s reCaptcha, Springer Nature is likely required to collect the consent from its users, preferably through a cookie banner. The privacy policy should be amended accordingly. Data protection risks will likely remain, though, due to the lack of information provided by Google on purposes and data categories processed. Please note that we have based our analysis on “Google reCaptcha Enterprise”, the business version of Google reCaptcha. However, based on our research, there should be no difference in legal assessment for other current reCaptcha versions.

In detail:

When using Google reCaptcha, cookies are dropped and device and applications data is transferred to Google. As Google does not offer to process the transferred data under a DPA but regards itself a controller of the data, the transfer happens from controller to controller, and the data transfer to Google must be justified under Art. 6 GDPR. Furthermore, the collection of information on user devices, which happens through the setting of the cookie, must be compliant with the ePrivacy-Directive.

  1. Requirement of consent

    reCaptcha can likely only be implemented based on user consent. Under the ePrivacy-Directive, the setting of a cookie on a user’s device requires consent, unless it is strictly necessary to provide a service the user has explicitly requested. We do not believe that this exception applies.

    • Google itself obliges Customers who use reCaptcha to collect consent from end users of their websites.
    • Further, the French data protection authority CNIL has issued a fine in 2023, among others for not collecting consent for the use of Google reCaptcha. The CNIL explicitly states that the storing of a cookie through reCaptcha requires consent as it does not only serve a technically necessary purpose but also the purpose of “analysis” as Google stated itself in the previous version of its Google Cloud Platform Terms.
    • Moreover, even if Google states that it does not use the collected information for “personalized advertising” purposes, it remains unclear if Google limits information collection to such information needed for technically necessary purposes.

  2. Amendment of cookie banner and privacy policy

    Springer should amend the cookie banner and privacy policy accordingly:

    • You should integrate Google reCaptcha in the existing website cookie banner and should ensure that the respective cookie set by Google reCaptcha is only set after the user has declared their consent. The banner should ideally explain what Google reCaptcha is, for what purpose it is used and what categories of data are processed.
    • Springer Nature should preferably add to the privacy policy a section about the use of Google reCaptcha.

  3. Lack of information on purposes and data categories

    Ideally both the cookie banner and the privacy policy should inform about the purposes and data categories that are processed by Google. However, Google does not provide precise information, neither on the purposes nor on the data categories processed. Google merely states that “reCaptcha Enterprise collects hardware and software information, such as your device and application data […] to provide, maintain, and improve reCaptcha Enterprise and for general security purposes”.

    We suggest to take over this wording and add data categories that are likely processed by Google. However, as set out above, due to the lack of information there remains a risk that the description of data categories is regarded insufficient for GDPR compliance.

  4. Transfer of personal data to the US

    Third country transfer obligations apply as personal data may be transferred to Google servers in the US (lawfulness should be established through the Data Privacy Framework under that Google is certified; the privacy notice should mention this in the cross-border transfer section).