Privacy and Data Protection Privacy and Data Protection

We are committed to compliance with all applicable privacy and data protection laws. 

In providing the Pure service, Elsevier handles personal data on behalf of Pure subscribing institutions (“Customer”). Personal data received from a faculty individual at the Customer (“End User”) is processed for Elsevier’s own purposes, namely:

1. process and fulfil the service agreement;
2. provide, activate and manage user access to and use of the service; and
3. provide technical and product support to help keep the service working, safe and secure and to respond to requests, inquiries, comments and concerns. 

For more information about our collection and use of such personal data, please visit the Elsevier Privacy Policy.

Data Processing Terms

Elsevier’s processing of personal data is subject to the Elsevier Data Processing Addendum (Elsevier DPA) unless otherwise agreed. 

Subprocessing

The Elsevier DPA incorporates a list of subprocessors, which are subject to appropriate contractual terms:

• The processing by Elsevier affiliated companies is subject to the RELX data processing terms, which are incorporated into our intercompany agreements.​
• The processing by Amazon Web Services (AWS) is subject to the AWS Data Processing Addendum. 
• The processing by other service providers is subject to the RELX data processing terms or comparable terms.​

For more information about how AWS complies with applicable data protection laws visit https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/aws-data-processing-addendum-dpa.html.

For more details on how our subprocessors assist us in providing the Pure services, visit https://www.elsevier.com/legal/subprocessors/pure.

Cross-border Transfers

Unless otherwise agreed, for customers located in the EU/EEA/UK/Switzerland, personal data is hosted on behalf of Elsevier at the AWS EU-West-1 data centre in Ireland. ​ Any transfer of personal data from the EU/EEA/UK/Switzerland to a third country is subject to appropriate safeguards in accordance with applicable data protection laws. 

Government Access

We have no reason to believe that any government authorities have access to any personal data submitted to Pure that our customers do not make public. Nonetheless, we have strict protocols in place for handling and responding to any government requests for personal data.

With respect to US laws, we are not a provider of electronic communication services to the general public and therefore we are unlikely to receive an order under 50 U.S.C. § 1881a (FISA 702). Any access by public authorities to personal data transferred from the EU/EEA/UK/Switzerland is subject to the protection under clause 15 of the Standard Contractual Clauses.