Privacy Policy

1. Scope of this Privacy Policy

This Privacy Policy applies to website visitors, registered members, course and workshop applicants, moderators, instructors, founders, research-project participants, users who submit forms or upload documents, and users who join RPL-related Google Forms, Google Drive folders, or WhatsApp groups.

This Privacy Policy does not apply to third-party websites, platforms, or services that we do not control, including Google, WhatsApp, ORCID, ResearchGate, Google Scholar, journal websites, payment providers, or external social-media platforms.

2. Personal Information We May Collect

Depending on how a user interacts with RPL, we may collect identity and contact information, academic and research profile information, uploaded documents, course and assessment data, project-management data, and limited technical data.

2.1 Identity and Contact Information

This may include full name, email address, phone number or WhatsApp number, country, city or region, institution, university, hospital or workplace, academic year, professional title, specialty, or field of interest.

2.2 Academic and Research Profile Information

This may include ORCID iD, Google Scholar profile, ResearchGate profile, publication list, previous research experience, areas of interest, course history, certificates, project participation history, and authorship or contribution records.

2.3 Uploaded Documents

Members may be allowed to upload documents such as CVs, certificates, academic documents, research-related files, manuscript drafts, spreadsheets, images, or PDFs related to educational or research activities.

RPL does not require users to upload passports, national IDs, or similar identity documents through the website.

2.4 Course, Workshop, and Assessment Data

This may include registration forms, attendance records, assessment results, feedback forms, certificate eligibility records, and communications about course requirements.

2.5 Project-Management Data

This may include assigned projects, tasks and deadlines, contribution logs, draft writing, screening, extraction, analysis or revision records, internal project communications, and authorship discussions or decisions.

2.6 Technical and Website-Use Data

Depending on the website configuration, hosting provider, and login system, limited technical data may be processed, such as IP address, device and browser information, login and session information, security logs, error logs, and date and time of access.

At present, RPL does not intentionally use advertising cookies, analytics cookies, tracking pixels, or behavioural advertising tools. If this changes, this Privacy Policy and the Cookie Policy will be updated.

3. Strict Prohibition on Patient Data

The RPL website and member portal are not designed to collect, store, transfer, or process patient data.

Users must not upload, share, or submit patient names, medical record numbers, patient images or clinical photographs, consent forms, hospital records, radiology images containing identifiers, laboratory reports containing identifiers, or any identifiable or confidential patient information.

If patient-identifiable information is uploaded or shared, RPL may remove the material, restrict access, suspend the relevant account, and take any necessary corrective action.

4. Why We Use Personal Information

We may use personal information for account creation and management, manual membership review, member profile management, course and workshop registration, academic announcements, attendance and certificate management, research-project coordination, restricted access to Google Drive folders and WhatsApp groups, publication and contribution records, user support, website security, policy enforcement, and compliance with legal, academic, administrative, or dispute-resolution requirements.

5. Legal Basis for Processing Personal Information

Where applicable, we rely on one or more of the following legal bases: user consent, the need to provide membership or course-related services, RPL's legitimate interest in managing academic collaboration and security, compliance with applicable legal or regulatory obligations, and the need to establish, exercise, or defend legal or academic claims.

For optional public display of member information, such as public profiles, achievements, testimonials, or publication highlights, RPL will use the user's consent or another appropriate basis where applicable.

6. Manual Approval of Members

Registration does not guarantee acceptance as an RPL member. Membership requests are reviewed manually. RPL may accept, reject, suspend, or remove members at its discretion, especially where necessary to protect academic integrity, privacy, security, or the proper functioning of the platform.

7. Email Announcements and Communications

By joining RPL, users agree to receive essential operational emails related to membership status, courses and workshops, project opportunities, active project updates, certificates, deadlines, and important policy or platform updates.

Users may contact [email protected] to request communication-preference changes where appropriate.

8. WhatsApp Groups and Google Drive Folders

RPL may use WhatsApp groups and Google Drive folders for course, workshop, and project coordination.

Access to WhatsApp group links and Google Drive folders should be restricted to approved members or relevant project participants only. Users must not share private group links, Drive links, files, or internal communications with unauthorized persons.

Users should understand that WhatsApp and Google services are operated by third parties and are subject to their own terms, privacy policies, and security practices.

9. Who May Access Personal Information

Access to personal information is limited according to role and need. Depending on the activity, access may be available to RPL founders, website administrators, course or workshop moderators, project managers, instructors, technical service providers, external platforms used for forms, storage, communication, or email, and legal, academic, or regulatory bodies where required.

Moderators and project managers should only access information necessary for their assigned role.

10. Third-Party Platforms and Service Providers

RPL may use third-party platforms including Google Forms, Google Drive, Gmail or Google Workspace services, WhatsApp, ORCID, Google Scholar, ResearchGate, website hosting services, and external payment or transfer methods where applicable outside the website.

These services may process data according to their own terms and privacy policies. RPL is not responsible for the independent privacy practices of third-party platforms.

11. International Data Transfer

Because RPL is international and uses online platforms, personal information may be accessed, stored, or processed in countries other than the user's country of residence. We aim to use reasonable safeguards and restrict access to personal information to the extent necessary for membership, courses, projects, communication, and administration.

12. Data Retention

RPL aims to retain personal information only for as long as reasonably necessary.

As a general rule: contact-form enquiries may be retained for up to six months after the enquiry is resolved; inactive member account data may be reviewed after six months of inactivity; course registration and attendance data may be retained for up to six months after course completion unless needed for certificate verification or dispute resolution; certificate records may be retained for a longer period where necessary to verify issued certificates; project contribution and authorship records may be retained longer where necessary to document academic contributions or resolve authorship disputes; and security logs may be retained for a limited period necessary for security and troubleshooting.

Where possible, data that is no longer needed will be deleted, anonymized, or minimized.

13. User Rights

Depending on applicable law, users may have the right to request access to their personal information, request correction of inaccurate or incomplete information, request deletion of their information, request restriction of processing, object to certain processing activities, withdraw consent where processing is based on consent, and request information about how their data is used.

Requests should be sent to: [email protected]

RPL may need to verify the identity of the requester before responding. Some requests may be refused or limited where retention is necessary for legal, security, certificate-verification, academic-integrity, authorship, or dispute-resolution reasons.

14. Account Deletion

Users may request account deletion by contacting: [email protected]

Upon receiving a deletion request, RPL will review and delete or anonymize data that is no longer necessary. Some limited records may be retained where required for certificate verification, academic contribution tracking, legal compliance, security, or dispute resolution.

15. Data Security

RPL aims to use reasonable technical and organizational measures to protect personal information, including manual approval of member access, restricted access to member data, role-based access where possible, password-protected systems, restricted Google Drive access, avoidance of public sharing links for internal project folders, removal of access when a member or moderator leaves a project, monitoring for misuse, and internal confidentiality expectations for moderators and project managers.

No online platform can guarantee complete security. Users are responsible for keeping their login credentials confidential and for not sharing private links or files externally.

16. Data Breaches

If RPL becomes aware of a personal-data breach, we will assess the situation and take reasonable steps to contain the breach, investigate its cause, reduce harm, and notify affected users or competent authorities where required by applicable law.

17. Children and Minors

The RPL website and member portal are intended for users aged 18 years or older. RPL does not knowingly accept members under the age of 18.

18. Automated Decision-Making

RPL does not currently use automated decision-making or profiling to make decisions about membership approval, course eligibility, project allocation, authorship, or certificates.

19. Changes to this Privacy Policy

RPL may update this Privacy Policy from time to time. The updated version will be posted on the website with a revised "Last updated" date. Continued use of the website, member portal, or RPL services after publication of the updated policy means that the user has reviewed the updated policy.