Data Protection & Privacy Policy


  1. Personal data is information about a person which is identifiable as being about them. It can be stored electronically or on paper, and includes images and audio recordings as well as written information.
  2. Data protection is about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.


  • Overall and final responsibility for data protection lies with the ReproHack Core team, who are responsible for overseeing activities and ensuring this policy is upheld.

  • All ReproHack Hub Users are responsible for observing this policy, and related procedures, in all areas of their work for the group.


  • The ReproHack Hub needs to keep some personal data about its core team and members in order to carry out group activities.

  • We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the General Data Protection Regulation (GDPR) and other relevant legislation.

  • We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.

  • We will only collect, store and use data for:

    • purposes for which the individual has given explicit consent, or
    • purposes that are in our our group’s legitimate interests.
  • We will provide individuals with details of the data we have about them when requested by the relevant individual.

  • We will delete data if requested by the relevant individual, unless we need to keep it for legal reasons.
  • We will store personal data securely.


Data we collect

The only personal data we require are users' names and email addresses. Any other personal information on users' profiles is optional. Emails are never disclosed publicly on the Hub while names and other user profile information is only visible to other logged in users.

We do not collect sensitive personal information on our users, as defined by the European Commision, for example, data on racial or ethnic origin, polical opinions, religious or philosophical beliefs, sexuality, genetic, biometric or health data etc.

Who do we share your data with?

To communicate research or findings resulting from ReproHack activities to the public and the academic community, anonymised data provided to the Hub may potentially form part of a research publication, conference presentation, public talk or blog post. Where researchers wish to use any information that would identify you, specific consent will be sought.

The privacy of your personal data is paramount and will never be disclosed unless there is a justified purpose for doing so (e.g. providing contact email addresses for event hosts). The ReproHack project will NEVER sells personal data to third parties.

Your data may be shared with:

  • Personal data will only be handled by immediate core project team who are authorised to work on the project and access the information.
  • Anonymised data may be shared with collaborators at other organisations authorised to work on the project.

Data Storage

Data is stored securely in fully GDPR compliant data centers through the EU-hosted PythonAnywhere system and covered by a GDPR compliant Data Processing Agreement (DPA). See the full Privacy and Cookies Policy for details.

Your Rights Under Data Protection

One of the aims of the General Data Protection Regulation (GDPR) is to empower individuals and give them control over their personal data.

The GDPR gives you the following rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erase
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

Data retention

Please note that many of these rights do not apply when the data is being used for research purposes, but we will always try to respond to concerns or queries that you may have.

To protect the integrity of ReroHack activity records, we do not by default delete your data should you delete your account. Instead, upon account deletion: - Papers are automaticallly archived and no longer available for review. - Reviews are set to private and associated with a deleted-user account. - Events remain public and visible but become associated with a deleted-user account.

Contact Us

Please feel free to contact us at if:

  • you have a query about how your data is being used.
  • you would like to report a data security breach (e.g. if you think your personal data has been lost or disclosed inappropriately).
  • you would like to complain about how we have used your personal data.

We will do our utmost to help!

Further Information and Support

The Information Commissioner is the regulator for GDPR and you have the right to raise concerns with the Commissioner. The Information Commissioner's Office (ICO) has a website with information and guidance for members of the public:

The Information Commissioner's Office operates a telephone helpline, live chat facility and email enquiry service. You can also report concerns online. For more information please see the Contact Us page of their website: