Privacy
Taking your personal information seriously – the OpenAthens privacy policy.

OpenAthens is a Jisc enterprise. Jisc is a registered charity (in England and Wales under charity number 1149740; in Scotland under charity number SC053607) and a company limited by guarantee which is registered in England under Company No. 05747339, VAT No. GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. If you are a visitor to this website or an OpenAthens user, or if you represent an organization that uses OpenAthens, we want to explain how we respect your privacy. If you have any questions about this privacy notice or about your personal information, then please email contact@openathens.net.
We’ll use the information, as described in our standard privacy notice (at https://www.jisc.ac.uk/website/privacy-notice), to provide the OpenAthens service you’ve requested, as well as to identify problems or ways to make the service better. We’ll keep the information until we are told that you are no longer the nominated contact.
How have we got your information?
- You may have given us your personal data yourself. For example, you may have given us your business card at an event, emailed us requesting information, or filled in an online form so that you could download a report, document, or some other information.
- We may have found your contact details in a publicly available source, but in this case we wouldn’t use them without your consent.
- The organization you work for may have given us your personal data or asked you to give it to us because your role is key to the OpenAthens service or because you need to be an OpenAthens user.
- If you visit our websites, we might use cookies and analytical tools to collect anonymous information about your visit. Cookies are small text files placed on your computer to collect standard internet log and visitor behavior information. Tracking and analyzing visitor activity enables us to improve the website. For further information visit www.aboutcookies.org or www.allaboutcookies.org. You can set your browser not to accept cookies and the above-mentioned websites tell you how to remove cookies from your browser. However, this might disable some of the key website features.
What information do we collect?
- If you are an OpenAthens user your organization may have asked us to create an account for you. To do this we only need your name and email address. We encrypt this information so that we don’t disclose your identity to the publishers whose resources you need to access unless your organization asks us to do so. If your organization creates your account they will choose what information to collect and what information to disclose to publishers. This OpenAthens Privacy Notice can’t address that situation; you need to contact your organization’s OpenAthens administrator if you have any questions.
- If you are the OpenAthens contact for your organization or someone who has expressed an interest in OpenAthens, we only require your name, your role or job title, your department, the name of your organization, and your business contact details (phone numbers and email address).
- Occasionally we might ask you for other personal information when we run an event or an online survey. We’ll always make it clear why we’re collecting that information and how long we’ll keep it and of course, it will be up to you whether you want to participate in the event or survey.
What we do with your information
We only use your information in connection with the OpenAthens service.
- We may contact you with news about OpenAthens including changes and improvements to service and to tell you about any events or surveys that we’ll be running.
- If you’re the nominated contact for your organization, we may also need to use your personal data to process your purchase orders, invoices, and payments and to contact you about the service. This means we might need to share your personal data with some of our suppliers/service providers.
- We’ll never sell your data. We might need to share it with third parties but only in connection with the OpenAthens service – for example, if you are located outside the UK then one of our local partners may need to use your personal data so as to deliver some aspects of the OpenAthens service for us. Sometimes we’ll run communication campaigns using carefully selected marketing agencies to contact you on our behalf and so we’d have to give them your contact details. All third parties must give us contractual commitments to only use your information in connection with OpenAthens. If any of them want to put you on their own mailing lists, they need your specific agreement and they should let you review their own privacy policy.
- If you’re an OpenAthens user and we were responsible for creating your account, we anonymize your personal data when we deliver the OpenAthens service to you and we do not sell or share your personal data with any third party.
Contact us if you’d like details about any specific third party that we’re using.
How we protect your information
- We adopt best industry practice to protect your information by aligning with the international standards for information security such as ISO27017 and ISO27018 and we hold our own ISO27001 certification. We keep your personal information behind firewalls to prevent unauthorized access and it’s encrypted in transit.
- OpenAthens uses the Google Cloud Platform. Google adopts leading security measures and is certified to all the standards we’ve listed above. You can read more about their security measures here: https://cloud.google.com/terms/data-processing-terms
- If you’re the nominated contact for your organization your information may also be kept in public or private clouds used by the service providers we’ve selected for our finance systems. We only use service providers where we are happy with the security measures they implement to protect the data we entrust them with.
- All other third parties, wherever they are located, who have to use your information in connection with the OpenAthens service must give us contractual commitments to adopt practices consistent with the requirements of the General Data Protection Regulation.
How long do we keep your information?
- We’ll keep your personal information until you tell us not to. You can unsubscribe at any time.
- However, by law, we must keep financial records such as purchase orders and invoices for six years. If you’re the nominated contact for your organization, your details might appear on these records. But apart from this, we keep your information until your organization tell us not to – for example when you stop working for them or because your job role has changed. In any case, we contact your organization every two years to check that your details are still valid. One year after your organization’s OpenAthens contract ends, we’ll contact you to see if you want us to delete your contact details or whether you’d like us to continue to send you OpenAthens news.
How you can check your information
- We’re happy for you to check the information we have about you at any time. You can ask us to tell you what information we have, why we have it, how we protect it etc. You can also check that your information’s accurate and we’ll make any corrections promptly. Similarly, we’ll delete your information if you ask us to.
- Please note that if you’re an OpenAthens user or the nominated contact for your organization, we’re obliged to check with them before we delete your information. This is because they are the data controller for your information and, for example, your organization might need us to substitute someone else’s contact details before we delete yours.
- If you want to know about your information please use the contact details shown at the top of this notice.
Other websites
This OpenAthens website contains links to other websites. Your visit to those other websites will be governed by their own published privacy policies.
Changes to our information security practices
We review our information security practices frequently, so this privacy notice will be updated periodically. We therefore suggest you check it from time to time.
Effective from 2 January 2019 the data controller for OpenAthens has changed from Eduserv to Jisc. This reflects the merger between Eduserv and Jisc.
The version that appears here was published in April 2021.