Privacy notice overview
This notice is organised into sections so visitors can quickly review the information most relevant to them while keeping the full legal detail available on the page.
Who we are
The Institute of Conflict Medicine (ICMED) operates this website and the related member,
editorial, newsletter, and administrative services available through it. This notice explains
how we collect, use, store, and share personal information when you use conflictmedicine.com
and the services linked to it.
For privacy enquiries, data rights requests, or questions about this notice, contact us using the address listed at the end of this page.
What information we collect
Depending on how you use the site, we may collect the following categories of information:
- Account information, such as your full name, email address, encrypted password hash, verification status, membership tier, and account preferences.
- Membership-related records, such as membership type, payment status, payment reference, and internal membership administration notes.
- Submission and editorial information, such as manuscript title, abstract, keywords, author details, notes, uploaded PDF files, review assignments, reviewer decisions, and editorial outcomes.
- Newsletter and communications data, such as newsletter subscription preference, preview and send records, unsubscribe status, and launch-interest signups.
- Support and contact information, such as institutional membership enquiries and support-the-journal proposals.
- Limited technical and usage information, such as session state, security-related request handling, and aggregated daily visit counts used for internal dashboard reporting.
Passwords are not stored in plain text. Manuscripts, published paper files, and newsletter payloads may be stored either in local application storage or in configured cloud object storage used by the Institute.
How we use your data
We use your information to:
- Create, maintain, and secure member and administrator accounts.
- Operate the member portal, editorial workflow, reviewer assignment process, and submission tracking process.
- Send transactional emails, including account verification, password reset, reviewer assignment, submission confirmation, editorial outcome, and institutional enquiry notifications.
- Send newsletters and Institute updates where you have chosen to receive them.
- Administer membership access and internal publication workflows.
- Monitor site performance, measure broad usage patterns, and support security, troubleshooting, and abuse prevention.
We do not sell personal data and we do not disclose personal data to third parties for their own marketing.
Legal basis, cookies, email, and payments
Our legal bases for using personal data
We rely on one or more of the following legal bases, depending on the activity involved:
- Contract: where we need to provide the account, membership, portal, or editorial service you asked for.
- Legitimate interests: where we need to run, secure, improve, and administer the website and Institute workflows in a proportionate way.
- Consent: where you choose to receive newsletters or provide optional information.
- Legal obligations: where we need to keep records or respond to lawful requests.
Cookies
The website uses a strictly necessary session cookie to keep authenticated sessions working and to protect account and form activity. This cookie does not track you across other websites.
We also store a small browser-side preference in local storage so the cookie notice does not keep reappearing after you accept it. At present, the site does not use advertising cookies and does not use third-party analytics cookies.
Email communications
If you subscribe to the newsletter, we may send updates about publications, events, announcements, and Institute activity. You can unsubscribe at any time using the unsubscribe link included in newsletter emails. We will still send essential service emails where needed for account security, editorial processing, or membership administration.
Payments
Membership payments may be processed through a hosted payment provider such as Stripe. We store membership records, payment status, amount, renewal dates, and provider reference values, but card details are handled by the payment provider and are not stored by this website.
Sharing, storage, and retention
Who we share data with
We may share personal data only where necessary with:
- Authorised Institute administrators handling accounts, memberships, and editorial activity.
- Assigned reviewers and editorial participants where this is necessary for the submission and review process.
- Service providers used to host the application, send email, and store uploaded files or newsletter content.
- Professional advisers, regulators, or authorities where disclosure is required or reasonably necessary.
Where storage or email providers are used, they act on our instructions or provide the technical infrastructure needed to operate the service.
Storage and international transfers
Personal data may be stored in the application database, local application storage, or configured cloud storage. Some technical providers may process data outside the United Kingdom. Where that happens, we expect appropriate safeguards to be used for the transfer and protection of personal data.
Data retention
We keep information for only as long as it is needed for the relevant purpose, including:
- Member and admin account records for as long as the account remains active and for a reasonable period afterwards where needed for security, administration, or record keeping.
- Submission, review, and publication records for as long as needed to support the editorial record and the operation of the journal.
- Newsletter subscription and launch-interest records until you unsubscribe, ask us to remove them, or they are no longer needed.
- Aggregated visit metrics for internal reporting and planning.
Your rights, security, and contact
Your rights
Under applicable data protection law, you may have rights to:
- request access to the personal data we hold about you;
- request correction of inaccurate or incomplete data;
- request deletion of your data in some circumstances;
- object to or restrict certain processing;
- withdraw consent where we rely on consent; and
- complain to the Information Commissioner’s Office (ICO) if you are unhappy with how your information is handled.
We do not currently use your personal data for solely automated decision-making that has legal or similarly significant effects.
Security
We take reasonable technical and organisational measures to protect personal data. These measures include password hashing, session controls, rate limiting, access restrictions, upload validation, and security-focused configuration of the website and related storage.
Changes to this notice
We may update this privacy notice from time to time to reflect changes in the website, the Institute’s workflows, or legal requirements. The date at the top of this page shows the most recent update.
Contact
ICMed, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ