An official Cochrane policy. Last updated September 2020.
- About us
- When do we collect your personal data?
- What data do we collect?
- How do we use your personal data?
- Disclosure: Do we share your personal data?
- How do we protect your personal data?
- Transfers of data outside of the EEA
- How long do we keep your personal data?
- What are your rights in relation to your personal data?
Cochrane ("Cochrane", "we", "us") are committed to protecting the privacy and security of those whose personal data we process. We acknowledge the need to protect personal data that is collected by or disclosed to us and to manage it in accordance with the Data Protection Act 2018 and EU General Data Protection Regulation 2016/679 (GDPR).
Please read this policy carefully to understand how we collect and use (process) your personal data during and after your relationship with us, in accordance with applicable Data Protection Laws.
We will review this Privacy Statement regularly to comply with our legal obligations. We will notify you of any important changes, but please check back for updates at any time.
Cochrane is for anyone interested in using high-quality information to make health decisions. Whether you are a healthcare professional, patient or carer, researcher or funder, Cochrane evidence provides a powerful tool to enhance your healthcare knowledge and decision making. As a data controller we have legal obligations to ensure that we only use your data in a fair, transparent and secure manner. If you have any questions regarding this privacy notice, our use of your data or wish to exercise any of your legal rights under data protection law, please contact firstname.lastname@example.org.
When do we collect your personal data?
We collect personal data when you interact with Cochrane. We make it clear when and why your data is being collected. In most cases the personal data that we process will be provided by you. This includes details provided when:
- Accessing Cochrane websites and online resources
- Creating a Cochrane Account
- Completing an activity with us
- Contacting our support services
- Filling in a form on our websites
- Signing up for a newsletter
- Attending a Cochrane event or visiting our offices
What data do we collect?
We collect the minimum personal data required for your interaction with Cochrane.
- Visitors to Cochrane websites
- Cochrane Account holders
- We collect basic personal data when you sign up for a Cochrane Account. This includes your name, email address and country of residence. You may choose to provide further information, such as the languages you speak and your healthcare interests. Please see the Cochrane Account terms and conditions for further information.
- Cochrane contributors
- Subscribers to paid services
- When you make a payment on our website via WorldPay (the data controller), the details will be stored in accordance with the WorldPay Privacy Notice. If you provide Cochrane with financial or payment details, these will be held for seven years following the relevant transaction.
- Cochrane event participants and visitors to our offices
- We collect registration information including dietary and access requirements. Our premises may be monitored by CCTV.
The accuracy of your information is very important to us. As a Cochrane Account holder you can login to your Cochrane Account at any time to update your personal details. If you are unsure how to update your personal information, please get in touch with us at email@example.com.
We may request personal data such as gender and/or date of birth in order to monitor and improve the diversity of our community and to support the advancement of charitable objectives and outreach activities. Where data are used for diversity monitoring, they are anonymised for processing. You can choose not to provide this data.
Special category data
Data protection legislation recognises that certain ‘special categories’ of data are more sensitive. These include information relating to health, race, ethnic origin and political or religious beliefs. We only ask for special category personal data if there is a specific need for this. We will use it only for the purpose for which is was provided, such as to refer patients and carers with specific health issues to relevant Cochrane Reviews or Cochrane groups and only ever with your explicit consent
How do we use your personal data?
We use your personal data to give you the information, services, or products you ask for. We can also use your personal data for administrative purposes, to let you know about changes within Cochrane and to inform you of other Cochrane activities. We will only use your data within Cochrane for the purposes for which it was obtained. We do not use automated decision-making processes. As a Cochrane Account holder you can control your communication preferences in your Cochrane Account. Communications with our members are in accordance with our Membership Terms and Conditions. We will only use your personal data when the law allows us to. This is likely to be limited to the following examples:
- To provide the services that you have requested as part of a contract with us, for example to enrol you to attend a conference
- For our own internal record keeping where there is either a legal requirement for us to do so or where it is in our legitimate interest
- To control access to, and/or provide security at our offices where it is in our legitimate interest to do so
- To send you newsletters and other communications promoting our work where you have consented to this or where it is necessary as part of a contract we have entered in to with you. As a Cochrane Account holder you can control your communication preferences in your Cochrane Account. Communications with our members are in accordance with our Membership Terms and Conditions.
- Where it is in our legitimate interest to do so, to send you invitations by email to take part in surveys so that we can understand the views and opinions of our community members and wider audience. You can opt-out from receiving survey invites either by contacting us or by clicking on the unsubscribe link in the survey. Respondent data is aggregated.
Disclosure: Do we share your personal data?
Cochrane will not share or sell your personal data with any third party for marketing purposes and you will not receive offers from other companies or organizations as a result of giving your details to us. We do not share your personal data with third parties unless we have your consent or are required to do so by law. We work with partner organizations who provide services related to review production and payment processing. These organizations meet our high standards for data security and will provide further information on how your data are used, in their own privacy policies.
We may pass your information to third party service providers and other associated organizations for the purposes of completing tasks and providing services to you on our behalf. When using third party service providers we only disclose the personal data that is necessary to deliver the service. We have a contract in place that requires them to keep your information secure and prohibits them from using your data for their own purposes. All contractors are subject to a duty of confidentiality. Third parties (and data processors) may include: our CRM provider, auditors, web hosting company, email marketing platform (Mailchimp), content management system provider (Aries Systems) and Wiley.
How do we protect your personal data?
We take appropriate physical, electronic and managerial measures to ensure that we keep your data secure. We undertake regular IT security and data protection auditing to ensure our systems meet the expectations of the law and those of our clients. Those of our employees and contractors who have access to personal data are required to undertake data protection training.
Transfers of data outside of the EEA
We may transfer your personal information to third party data processors who are based in countries outside the European Economic Area (EEA). We use some US-based companies that provide IT, communications and data analytics services such as Mailchimp, SurveyMonkey and Google Analytics. We only use US-based organizations that have signed up to the EU Contractual Clauses scheme. We will not transfer your information to any processors based in other countries outside the EEA unless there is a European Commission adequacy decision for the specific country to which the data is transferred, or where we can be certain that there are adequate safeguards provided for your information and individual rights standards that meet the GDPR requirements.
How long do we keep your personal data?
We will retain your personal data as long as is necessary to provide the services to which you have requested, or where we have another legitimate and lawful reason to do so. Different Cochrane departments and groups have specific data retention schedules related to their areas of activity. For instance, personal data included in documents related to review production, may be archived by review groups for our editorial records. These data will be stored securely. We may need to retain some information to comply with our legal obligations such as financial and accounting records. In most cases we will delete your data 7 years after your last transaction with us.
What are your rights in relation to your personal data?
- Ask us to correct your personal data if information is inaccurate, out of date or incomplete. You can also manage your current details and communications preferences yourself in your Cochrane Account.
- Ask us to provide a copy of the data we hold about you.
- Withdraw your consent at any time, if we have asked for your consent to process certain data. You can also ask us to stop processing the data if we have no other legitimate reason for doing so.
- Ask us to delete the data we hold about you. If we need to continue holding this information (for example, if you are a published author) we will explain our reasons for this and how the data will be stored.
To exercise any of these rights or if you have any questions about our Privacy Notice please contact firstname.lastname@example.org.
You can also address queries to:
Information Support Officer
11-13 Cavendish Square
Telephone: +44 207 183 7503
While we hope to be able to resolve any concerns you have about the way that we are processing your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been processed in a way that does not comply with the GDPR or have any wider concerns about our compliance with data protection law. You can do so by calling the ICO helpline on +44 303 123 1113 or via their website.
We keep our privacy notices under regular review. This notice was last updated on 18 September 2020.
Cookies are small files of letters and numbers that we store on your browser or the hard drive of your computer. We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it, but we won't set these optional cookies unless you enable them. You can find more information about the individual cookies we use and the purposes for which we use them in the table below.
Our websites ask you to consent before we place cookies on your machine. You can always change your cookie preferences at any time by clicking on the ‘Cookies settings’ link in the footer of every page. Alternatively, most web browsers allow some control of most cookies through the browser settings. Please refer to the help information contained in your browser or search the internet for ‘How to disable cookies’ or for even more specific components like the ‘Google Analytics Opt-out Browser Add-on’.
Table: Use and storage of cookies on our websites
|Name||Purpose||Default Expiration Time|
SESS[id], JSESSIONID[id], JPHPSSID[id]
|To remember your selections or preferences that you’ve already made when looking at information or using a service.||when you exit the browser|
__utma, __utmb, __utmc, __utmt, _utmv, __utmz, _g, _ga, _gat, _gid
|These cookies are used by Google Analytics, the system we use to allow us to collect anonymous information about our visitors for statistical purposes. More information.||_utma: 2 years
_utmb: 30 mins.
_utmc: when you exit the browser
_utmt: 10 minutes
_utmv: 2 years
_utmz: 6 months
_ga: 2 years
_gat: 1 minute
_gid: 24 hours
|_pk_ref, _pk_cvar, _pk_id, _pk_ses, mtm_consent, mtm_consent_removed, mtm_cookie_consent||www.cochrane.org uses Matomo for website analytics. The data collected is not shared with any third party. More information.||_pk_id: 13 months
_pk_ref: 6 months
_pk_ses, _pk_cvar, _pk_hsr: 30 minutes
mtm_cookie_consent: 5 years
Although cochrane.org is designed to provide accurate and authoritative information in regard to the subject matter covered, we make no representations and give no warranties with respect to the accuracy or completeness of the information. By giving you this information we are not giving any form of advice or recommendation and we do not intend you to rely upon it when making (or refraining from making) any decision. The Information is not a substitute for the exercise of professional judgement. If you are not qualified or experienced enough to make that judgement, you should take professional advice.
The content on cochrane.org is primarily created in English. Translations are the responsibility of the teams producing them. They are produced with care and follow standard processes to ensure quality control. However, in case of mismatches, inaccurate or inappropriate translations, the English original prevails.