User Data and Privacy
Our commitment
Respecting and protecting user data and privacy are key priorities at Elsevier as maintaining the trust of the people who use our products and services is critically important to us. We are committed to being transparent about the data we use, how it is used, how it is stored, for how long and why. We work closely with the research and healthcare communities that we serve so that, together, we can continually improve the safeguarding of personal data and privacy.
Here you can learn more about our approach to data privacy and the tools available to help our community of users manage their personal data.
Elsevier Privacy Principles
We recognize that the proper handling of personal data is very important to our customers and the communities we serve. We support the right of individuals to manage how their personal information is collected and used. The Elsevier Privacy Principles reflect our commitment to responsible privacy and security practices.
Value
We carefully use personal data to help us support customers and individual users through customization and personalization options in our products, to inform product development, to operationally monitor our systems, for security purposes and to comply with our legal and contractual obligations.
Transparency
We tell users about the personal information we collect, including how and why we will use and share it.
Choice
Users are given choice over the collection, use and sharing of their personal information.
Anonymization
We depersonalize and aggregate personal information where individual identification is not necessary.
Accountability
We are committed to acting as a responsible steward of personal information.
Elsevier Privacy Center
The Elsevier Privacy Center S’ouvre dans une nouvelle fenêtre is part of our commitment to being transparent about personal data. The Center offers users the option to review and adjust their privacy settings for products accessible through their Elsevier account and manage other privacy preferences.
Featured data privacy stories
Frequently Asked Questions
The term “usage data” refers to data about how a website, mobile app or other resources are accessed and used, such as visits to a web page. Elsevier web servers automatically record usage data, which may be personally identifiable to individual users.
We support the right of individuals to have control over how their personal information is collected and used. We strive for transparency in all personal data management, as articulated in our Privacy Principles and Privacy Policy and demonstrated by our user Privacy Center S’ouvre dans une nouvelle fenêtre.
Personal usage data helps Elsevier support its customers and individual users in several ways:
Customization and Personalization: We offer our users customized content and personalization options to improve their efficiency. For example, anonymized and aggregated usage data is used for ScienceDirect’s Recommendations S’ouvre dans une nouvelle fenêtre on the Article Page.
Product Development: We proactively review usage patterns to enhance our products and services. For instance, as part of our agile product development process we often run A/B tests, comparing the performance of different user journeys or functionality upgrades to determine which serves our end-users most effectively.
System Monitoring: We monitor usage data to prevent system failure and to help protect our platforms (and customers) against cybersecurity risks and to suggest future enhancements. We use a variety of technologies that process usage data to identify operational system anomalies and potential threats, prevent fraud and unauthorized access, and ensure our solutions remain continuously available.
Regulatory or Contractual Obligation: We use usage data to comply with our legal and contractual obligations, such as reporting on usage under subscription agreements, resolving disputes and enforcing our agreements.
Many of our products offer personalization options to help users work more efficiently or support insights. On ScienceDirect, registered users can save or revisit their search or download histories, making it easier to resume a previous line of research. This type of functionality is dependent on our systems being able to identify users, so they are openly asked to set up an account by sharing minimal personal information. If a user chooses not to register and use personalization, they will still be able to use products like ScienceDirect, albeit with limited personalization options. Personalization does not work unless our systems are able to recognize a person, albeit based on limited personal data required to make the service viable. We only request information that is strictly relevant to the functionality and the exchange is transparent and confined to our products. There are benefits for those customers who choose this additional functionality in terms of research efficiency .
No, we do not sell personal usage data to any third party. We provide usage reports to customer institutions and consortia as part of our contractual obligations, which are restricted solely to their authorized users (i.e. we do not share the usage details of other customers). Such reports typically include information on the number of articles end users viewed or downloaded and support customer use cases such as usage analysis, subscription management, course management, testing, and remediation. Aggregated usage data is made available externally on some of our solutions — e.g., the total number of readers of articles indexed by Mendeley — but no personal information is disclosed. We sometimes share usage data with the suppliers and service providers that support our solutions — for example, to help ensure the ongoing stability of a platform — and these organizations are required to meet the same high data protection standards as Elsevier.
To achieve a consistently high standard for data security, Elsevier utilizes a Defense-in-depth methodology. This consists of controls and processes designed to protect against unauthorized access and alteration of data, like:
Encryption: We use industry standard encryption technologies for sensitive data in transmission and at rest to protect our data and make it unreadable to unauthorized users.
Physical Security: Data is stored and processed at physically secure data centers protected by segregated security zones.
Network Security: Elsevier utilizes a variety of network security technologies and processes to identify, prevent and detect unwanted traffic.
Log Management: Logs and log management tools are used to capture a variety of usage data, application and system logs, including but not limited to aggregated and anonymous usage activity (such as search queries), server activity and registered user logins. Access to logs is restricted with logs being securely stored based on their data classification.
Identity & Access Management: Access to our subscription products is restricted to authorized users and customers. User accounts, passwords, roles, groups and content subscription licenses are used to support appropriate authorization and authentication. User credentials are securely stored and protected.
Elsevier retains personal data for as long as necessary to provide the service and for other essential purposes such as complying with legal and contractual obligations, as described in the Elsevier Privacy Policy S’ouvre dans une nouvelle fenêtre. Because these needs can vary for different data types, the context of our interactions with the user, and/or use of products, actual retention periods vary.
Third parties that process data on behalf of Elsevier agree by contract to only process such data for the specifically permitted purposes. Additionally, they must use appropriate technical and organizational security measures to safeguard the data. All third parties processing personal data as part of their services to us are required to agree to the RELX Privacy and Data Protection Requirements for Suppliers S’ouvre dans une nouvelle fenêtre or comparable terms. International personal data transfers are subject to appropriate safeguards, such as Standard Contractual Clauses, as required under applicable law.