RAYYAN ONLINE PRIVACY POLICY 

Last Revised on September 24, 2021 

This Privacy Policy for Rayyan Systems, Inc.  (“Company”, “we”, “us” “our”) describes how we collect, use and disclose information about users of the Company’s websites (*.Rayyan.ai (our “Websites”), applications, services, tools and features (collectively, the “Services”).  For the purposes of this Privacy Policy, “you” and “your” means you as the user of the Services.  

PLEASE READ THIS PRIVACY POLICY CAREFULLY.  BY USING, ACCESSING, OR DOWNLOADING ANY OF THE SERVICES, YOU AGREE TO THE USE OF YOUR PERSONAL INFORMATION IT DESCRIBES AND TO THE OTHER TERMS OF THIS PRIVACY POLICY.  IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT ACCESS AND USE THE SERVICES. 

1. UPDATING THIS PRIVACY POLICY 
We modify this Privacy Policy from time to time in which case we will update the “Last Revised” date at the top of this Privacy Policy (the “Effective Date”). If we make changes that are material, we will use reasonable efforts to notify you (e.g. by email sent to the email address specified in your account) and obtain your consent and take additional steps if required by applicable law. Notice may be by email to you at the last email address you provided us, by posting notice of such changes on the Services, or by other means, consistent with applicable law. Any revisions to this Privacy Policy will become effective on the Effective Date. Please check our Websites regularly for notices of changes to our Privacy Policy.  IF YOU DO NOT AGREE TO ANY UPDATES TO THIS PRIVACY POLICY PLEASE DO NOT ACCESS OR CONTINUE TO USE THE SERVICES.

2. COMPANY’S COLLECTION AND USE OF PERSONAL INFORMATION

(a) Information you provide to us 

In order to provide you with our Services, we ask you to provide us with certain details or personal information about you. Personal information that you submit through our Services includes: 

    • Profile details, as follows (first and last name, email, title, organization, position, country, profile, and purpose for using the Services). We collect these profile details to perform our contract with you, such as to: communicate with you about the Service and provide customer support, provide you with the Services, register, create and maintain your account, enable your ability to build a profile in the Services, and with your consent (where required under applicable law), to market to you. 
    • Account information, as follows (username, password, security questions). We collect account information to perform our contract with you, such as: to maintain your account with us, and in order to provide an effective Service to you, as a matter of our legitimate interests, we will use your account information to maintain the safety and security of our users, Service and business. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately. 
    • Payment information, as follows (credit or debit card information, billing address). We collect payment information to perform our contract with you, such as to process your payment, to provide you with the services you have requested.
    • Any other personal information you choose to include in communications with us, for example, when sending a message through the Contact Us web form, posting in the Rayyan Help Center Community forum or Rayyan Support forum, sending us messages through social media messaging platforms, sending chat messages to other users of the Services. We collect this personal information to perform our contract with you or as a matter of our legitimate interests to be responsive to you, provide an effective Service to you and to maintain our business relationship to communicate with you about the Service and respond to your enquiries and messages.  

Some features of the Services require you to enter certain personal information about yourself. You can elect not to provide this personal information, but doing so will prevent you from using or accessing these features. 

(b) Information we automatically collect 

We also automatically collect certain personal information about your interaction with the Services (“Usage Data”). To do this, we use cookies, pixels, web beacons/clear gifs (“Tracking Technologies”). Usage Data includes: 

    • Unique device identifier; 
    • Device type, such as your phone, computer, or tablet; 
    • IP address; 
    • Browser type; 
    • Date and time stamps, such as the date and time you first accessed the Services or took a particular action on the Services; 
    • Operating system; 
    • Log data relating to any actions taken on the Services; and 
    • Other information regarding your interaction with the Services.  

In order to provide an effective Service to you, as a matter of our legitimate interests, we use the personal information we collect automatically to run analytics and better understand user interaction with the Services; improve, support and maintain the Services; and tailor features and content to you. 

(c) Information we collect from other sources 

We obtain personal information about you from outside sources as follows:  

    • Personal information we collect about you from other sources: We obtain your full name, email address, organizational affiliation, and title from consumer marketing databases or other data enrichment provider, which we use in our legitimate interests to better customize our advertising. With your consent (where required by applicable law) we will market our Services to you.] 
    • Personal information from third parties that you choose to share with us: When you choose to link any social media platforms to your account, such as LinkedIn, Twitter, Google or ORCID, we collect your first name, last name, title, organizational affiliation, email address in order to perform our contract with you such as to maintain your account and login information. 

Any personal information we receive from outside sources will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the personal information provided to us by third parties and are not responsible for any third party’s policies or practices. See Section 7 below for more information. 

In addition to the foregoing, we will use all of the above personal information to comply with any applicable legal obligations, to enforce any applicable terms of service, and to protect or defend the Services, our rights, the rights of our users, or others. 

3. HOW THE COMPANY SHARES YOUR PERSONAL INFORMATION 
In certain circumstances, the Company shares your personal information with third parties. Such circumstances include:  

    • With other users, in our legitimate interests to provide an effective Service to you or to perform a contract with you. Your profile information is displayed to other users.  
    • With vendors or other service providers, for business purposes in our legitimate interests or to perform our contract with you, such as to help us bring you the Services we offer. Such vendors and other service providers include:
      • Payment processors, including:  Stripe, Square 
      • Data analytics vendors, including: Google Analytics, New Relic 
      • Cloud storage providers, including: AWS, Microsoft Azure, Google Cloud 
      • CRM/support vendors, including: UserVoice, Zendesk, Zoho 
      • IT service management vendors, including: Uservoice, Zendesk, Zoho 
      • Email marketing services vendors, including: Mailchimp, Zoho
    • With our affiliates within our corporate group, in order to perform a contract with you or for business purposes in our legitimate interests. Where we offer to provide services jointly with other companies on the Service, we share your personal information with that company in connection with such offer or use of that Service.
    • To comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries, as required by law. 
    • In connection with an asset sale, merger, bankruptcy, or other business transaction, for business purposes in our legitimate interests.
    • To enforce any applicable terms of service, in our legitimate interests to protect or defend our Services, our rights, the rights of our users or others or as required by law. 
    • To ensure the safety and security of the Company and/or its users, in our legitimate interests to protect or defend our Services, our rights, the rights of our users or as required by law.
    • When you request us to share certain information with third parties, such as through your use of login integrations or when you share your project with other users, with your consent. 
    • With professional advisors, such as auditors, law firms, or accounting firms, for our business purposes in our legitimate interests. 

You acknowledge that such sharing of personal information will occur in all of the aforementioned circumstances and is permitted by and subject to this Privacy Policy. 

4. COOKIES AND OTHER TRACKING TECHNOLOGIES 
Do Not Track Signals 

Your browser settings allow you to transmit a “Do Not Track” signal when you visit various websites. Like many websites, our Websites are not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, you can visit http://www.allaboutdnt.com/. 

Cookies and Other Tracking Technologies 

You can control the way in which your devices permit the use of Tracking Technologies. If you so choose, you can block or delete our cookies from your browser; however, blocking or deleting cookies may cause our Services, including any portal features and general functionality, to work incorrectly.  

Most browsers accept cookies automatically. However, you are able to configure your browser settings to use the Services without cookie functionality. You can delete cookies manually or set your browser to automatically delete cookies on a pre-determined schedule.  For example, in the Internet Explorer menu bar, select: Tools > Internet Options > Browsing History > Delete to view manual and automatic options.  

“To opt out of tracking by Google Analytics, click here.” 

If you have questions regarding the specific information about you that we process or retain, as well as your choices regarding our collection and use practices, please contact us using the information listed below. 

5. USER GENERATED CONTENT 

The Services also host discussion forums, messaging functions, and project collaboration features, which users may elect to join and/or participate in. The purpose of these features is to allow users to collaborate on projects and interact through the Services. Through your participation, you are required to submit lists of references, full texts of references, comments, decision labels, messages to other users, and/or comments on forums (“User Content”). We or others store, display, reproduce, publish, or otherwise use User Content. Others also have access to User Content and have the ability to share it with third parties. If you choose to submit User Content to any public area of the Services or mark the content as public, your User Content will be considered “public” and will be accessible by anyone, including the Company. 

Please note that we do not control who will have access to the information that you choose to make available to others, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure.  We are not responsible for the privacy or security of any information that you make publicly available User Content or what others do with information you share with them on such platforms.  We are not responsible for the accuracy, use or misuse of any User Content that you disclose or receive from third parties through the forums or email lists. 

6. SOCIAL FEATURES  
Certain features of the Services permit you to initiate interactions between the Services and third-party services or platforms, such as social networks (“Social Features”). Social Features include features that allow you to click and access the Company’s pages on certain third-party platforms, such as Facebook and Twitter, and from there to “like” or “share” our content on those platforms. Use of Social Features entails a third party’s collection and/or use of your data. If you use Social Features or similar third-party services, information you post or otherwise make accessible will be publicly displayed by the third-party service you are using. Both the Company and the third party will have access to information about you and your use of both the Services and the third-party service. For more information on third-party websites and platforms, see Section 7. 

7. THIRD PARTY WEBSITES AND LINKS 
We provide links from third-party websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions.  We do not guarantee and are not responsible the privacy or security of these sites, including the accuracy, completeness, or reliability of their information. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms (such as Facebook or Twitter) will also be viewable by other users of the Services and/or users of those third-party online platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators except as disclosed on the Services. We expressly disclaim any and all liability for the actions of third parties, including but without limitation to actions relating to the use and/or disclosure of personal information by third parties. Any information submitted by you directly to these third parties is subject to that third party’s privacy policy. 

8. CHILDREN’S PRIVACY 
Children under the age of 13 are not permitted to use the Services, and we do not seek or knowingly collect any personal information about children under 13 years of age. If we become aware that we have unknowingly collected information about a child under 13 years of age, we will make commercially reasonable efforts to delete such information from our database. 

If you are the parent or guardian of a child under 13 years of age who has provided us with their personal information, you can contact us using the below information to request that it be deleted. 

9. DATA SECURITY 
Please note that any personal information you send electronically, while using the Services or otherwise, will not always be secure when it is transmitted. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us. Please be aware though that, despite our best efforts, no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” Any information you transmit to us you do at your own risk. 

10. CALIFORNIA PRIVACY RIGHTS 
Sharing for Direct Marketing Purposes 

We do not share personal information as defined by California Civil Code Section 1798.83 (“Shine The Light Law”) with third parties for their direct marketing purposes.  

Users Under 18 

Any California residents under the age of eighteen (18) who have registered to use the Services, and who have posted content or information on the Services, can request that such information be removed from the Services by contacting us at the e-mail or address set forth in the “Contact us” section below. Such request must state that they personally posted such content or information and detail where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified. This removal process cannot ensure complete or comprehensive removal. For instance, third-parties may have republished the post and archived copies of it may be stored by search engines and others that we do not control. 

11. UK AND EU USERS 
Where you are accessing the Services from the European Union (“EU”) or the United Kingdom (“UK”), the following additional terms will apply: 

Data Controller. For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679) (the “EU GDPR”) and the UK General Data Protection Regulation and/or the UK Data Protection Act 2018 (together, the “UK GDPR”) (the EU GDPR and UK GDPR together, the “GDPR”), Rayyan Systems Inc. is the data controller. 

Data Processor. We act as a data processor on behalf of users in the provision of our Services for all User Content. In such instance, the uploader of the User Content is the data controller of any personal data contained in User Content and individuals should refer to the uploader’s privacy policy for information on how the uploader processes personal data.   

Contacting Us: 

If you wish to contact us to exercise your data rights, or ask about our data processing, you may do so using the following methods: 

UK Representative. Our representative in the UK for the purposes of the UK GDPR is DataRep, which is a company incorporated in Ireland, with its registered address at 12 Northbrook Road, Dublin, D06 E8W5, Ireland and registered company number: 616588.  

    • By email to: datarequest@datarep.com. Please note that when submitting an email, you should quote in the subject line of your email. 
    • By online webform at: www.datarep.com/data-request  
    • By mail to address listed below. Please note that when submitting an enquiry, it is essential to mark your letter recipient as “DataRep,” or the letter may not reach our UK representative. 

DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom  

EU Representative. Our representative in the EU for the purposes of the EU GDPR is DataRep, which is a company incorporated in Ireland, with its registered address at 12 Northbrook Road, Dublin, D06 E8W5, Ireland and registered company number: 616588. 

    • By email to: datarequest@datarep.com. Please note that when submitting an email, you should write “Rayyan Systems, Inc.” in the subject line of your email. 
    • By online webform at: www.datarep.com/data-request  
    • By mail to one of the following addresses listed at the bottom of this page, depending on where in the EEA you reside. Please note  that when submitting an enquiry, it is essential to mark your letter recipient as “DataRep,” or the letter may not reach our EU representative. 

Data Subject Rights. Under the GDPR, you have certain rights in relation to your personal information: 

    • Access: You have the right to access personal information we hold about you, how we use it, and who we share it with. 
    • Portability: You have the right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, with certain exceptions. 
    • Correction: You have the right to correct any of your personal information we hold that is inaccurate. 
    • Erasure: In certain circumstance, you have the right to delete the personal information we hold about you. 
    • Restriction of processing to storage only: You have the right to require us to stop processing the personal information we hold about you other than for storage purposes in certain circumstances. 
    • Objection: You have the right to object to our processing of your personal information. 
    • Objection to marketing: You can object to marketing at any time by using the unsubscribe button at the bottom of our emails or accessing your profile settings. 
    • Withdrawal of consent: Where we rely on consent to process your personal information, you have the right to withdraw this consent at any time by emailing us at info@rayyan.ai or support@rayyan.ai.  

Some of these rights only apply in certain circumstances and in many cases, are limited by law. For example, where fulfilling your request will adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal information.  

We will respond to your requests to exercise these rights as required by applicable law. To exercise any of your rights, please email us at info@rayyan.ai or support@rayyan.ai

International Transfers. As we are an international business, your personal information will be transferred to, and stored at/processed in countries outside the European Economic Area (“EEA”) and the UK such as to the United States in order to fulfil your request or provide the Service in accordance with applicable law. Your personal information is also processed by staff operating outside the UK/EEA who work for us or for one of our third party service providers or partners as listed above.  

Retention. We will retain your information for as long as necessary to provide the Services.  

We will also retain and use your personal information to the extent necessary to comply with our legal obligations, resolve disputes and enforce our policies. If you stop using our Services or if you delete your account with us, we will store your information in an aggregated and anonymized format. 

Complaints. If you have complaints about how we process your personal information, please contact us at info@rayyan.ai or support@rayyan.ai and we will respond to your request as soon as possible. If you think we have infringed data protection laws, you can file a claim with the data protection supervisory authority in the country in which you live or work. 

12. INTERNATIONAL USERS 
The Services are designed for users in the United States, EEA and UK. 

13. HOW TO CONTACT US 
Should you have any questions about our privacy practices or this Privacy Policy, please email us at info@rayyan.ai or support@rayyan.ai,  or contact us at Rayyan Systems Inc., 1 Broadway, 14th Floor, Cambridge, MA 02142, USA. 

Country Address
Austria DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Belgium DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
Bulgaria DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
Croatia DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
Cyprus DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech
Republic Republic
Denmark DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark
Estonia DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
Finland DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
France DataRep, 72 rue de Lessard, Rouen, 76100, France
Germany DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
Greece DataRep, 24 Lagoumitzi str, Athens, 17671, Greece
Hungary DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary
Iceland DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland
Ireland DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Italy DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy
Latvia DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
Liechtenstein DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Lithuania DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania
Luxembourg DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
Malta DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
Netherlands DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
Norway DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway
Poland DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
Portugal DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
Romania DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania
Slovakia DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
Slovenia DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
Spain DataRep, Calle de Manzanares 4, Madrid, 28005, Spain
Sweden DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden
United Kingdom DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom