Last Updated: March 2022
As used in this policy, the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis, and using or handling information in any way, including without limitation collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within the United States or internationally.
I. Information Collection
Below are the types and categories of information that we collect. We collect and use the personal data described below in order to provide you with the Services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent we process your personal data for other purposes, we ask for your consent in advance or require that your organization obtain such consent.
A. Personal Information
When you register with us through the Site or use certain features of the Service we will ask you for personally identifiable information. This refers to information about you that can be used to contact or identify you (“Personal Information”). The Personal Information you will be required to provide consists of your name and a verifiable email address. In addition, you may be required to provide additional Personal Information, such as a phone number, and an address, when joining certain groups, depending on the policies set by that group’s administrators.
We treat the Internet Protocol (IP) address of your computer, which is collected as Log Data, as Personal Information. We also treat your account name(s) as Personal Information.
B. Non-Identifying Information
We may also ask you for other information that is not personally identifiable that you provide as part of your “user profile”, such as your organization, your non-profit status, and your preferred time zone (“Non-Identifying Information”).
We may also ask you for other information that is not personally identifiable that you provide as part of using our service, such as endpoint name, transfer label, and bookmark name. We treat this information as Non-Identifying Information and do not treat it as Personal Information. Therefore, we recommend that you do not include any personally identifiable information in such information.
The file names of files that you access or manage via the Service are not treated as Personal Information. Such information is treated as Non-Identifying Information. Therefore, we recommend that you do not include any personally identifiable information in the file names of files that you transfer via the Service.
C. Log Data
When you visit the Site or use the Service, whether logged into a Nightingale Open Science account or as a non-registered user just browsing (any of these, a “Nightingale Open Science User”), our servers automatically record information about your use of the Service and your visit to the Site (“Log Data”). This Log Data includes: information about your data management activities, such as filenames and other file metadata (but not the file contents); your computer’s Internet Protocol (IP) address; your browser type; what Software you were using with the Service; the web page you were visiting immediately prior to visiting our Site; pages of our Site that you visited; the time spent on those pages; information you searched for on our Site; access times and dates]. Log Data may include Personal Information.
II. Use of Information
Our primary goals in using information we collect are to provide and improve the Service, the Site and the related features and content. We know that our users’ Personal Information is of the most concern, and we take this into consideration prior to using their Personal Information. In this regard, we use Personal Information in the following ways:
A. Service Improvement
We may combine your Personal Information with Non-Identifying Information and Log Data, and aggregate it with information collected from other Nightingale Open Science Users, to attempt to provide you with a better experience, to improve the quality and value of the Service, and to analyze and understand how our Site and Service are used. We may disclose your Personal Information to third party services that are used to provide additional capabilities such as support ticket system and to improve the service. Subject to the section below titled “Sharing and Disclosure of Information,” we may also use the combined information without aggregating it to serve you specifically, for instance to deliver a product to you according to your preferences or restrictions.
We also use your Personal Information, perhaps in combination with Non-Identifying Information and Log Data, to contact you with Nightingale Open Science newsletters, marketing or promotional materials and other information that may be of interest to you. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or email us at [TBD] with an explicit request to have your information removed from our mailing list. We will comply with your request as soon as reasonably practicable. In no event will we make your Personal Information or email address available for a fee, or for marketing not related to Nightingale Open Science.
C. Service Delivery
We also use your Personal Information, perhaps in combination with Non-Identifying Information and Log Data, to provide you with the services that you may request from us. For example, if you are using the Service, we may use your Personal Information to facilitate the transfer of your files or data. We also may use your Personal Information to deliver you other services, such as educational content or information, newsletters or software you request. Finally, we may use your information to communicate Service-related information with you via email or other means, in response to an inquiry by you, or to otherwise alert you to the status of activities you have requested from the Service.
We may use your Personal Information for research purposes. All human subjects research we conduct using your Personal Information is reviewed by an Institutional Review Board to ensure protection of your interests. We never disclose your Personal Information in research publications or in any other method of disclosing research results.
III. Sharing and Disclosure of Information
Below we describe the ways that we share the information that we collect via the Service, including your Personal Information, Non-Identifying Information, and Log Data (collectively referred to as “information.”) Other than as described in this section, we do not rent or share information about you with third parties.
A. Aggregate Information and Non-Identifying Information
We may share aggregated data that does not include Personal Information and we may otherwise disclose Non-Identifying Information and Log Data with third parties for industry analysis, demographic profiling and other purposes. Any aggregated data shared in these contexts will not contain your Personal Information.
B. Service Providers
We may employ or partner with third party companies, organizations and individuals to facilitate our Service, to provide the Service on our behalf, and to perform Service-related services or to facilitate services to our end-users (“Service Providers”). The types of Service Providers we may use include, without limitation, service providers that provide the following types of services: customer support, software development, hosting, accounting, web and user analytics, customer relationship management, webcasting, website maintenance, database management, transferring data or files at the request of a user, and web and live chat hosting. Our Service Providers have access to your information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
C. Your Organization
We may share all information about you or otherwise collected via the Service with your affiliated organization.
D. Compliance with Laws and Law Enforcement
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including without limitation subpoenas), to protect our property and rights or those of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
E. Sharing Your Information With Other Users
Other Nightingale Open Science Users may be able to see your Personal Information and Non-Identifying Information in your user profile.
Access to some resources and features may require that you share your information with other Nightingale Open Science Users. For example, a group manager may require that you share certain information with them before they will admit you to the group. However, all such information sharing is under your control, and which you will be requested to consent.
Non-Identifying Information and Personal Information may be shared with the administrators of resources that you access via Nightingale Open Science.
V. Individual Rights
While we encourage you to bring your concerns to us in the first instance, in certain jurisdictions, you may also have the right to submit a complaint to the jurisdiction’s supervisory authority for data protection matters.
Identity theft and the practice currently known as “phishing” are of great concern to us. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your credit card information, login password, or national identification numbers in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission’s website.
VII. Changing or Deleting Your Information
You may review, update, correct or delete the Personal Information in your account profile by logging into your account and changing the “user profile” information associated with your account, though such changes may impact your group memberships and associated access rights to certain resources. In order to delete your account please submit a support request by emailing firstname.lastname@example.org.
VIII. Data Retention Policy
We may retain your account information until you have requested that we delete your account on the Service. [We may retain your Personal Information until it is no longer necessary to deliver or improve our service. We may retain Personal Information for research purposes until it no longer has the potential to inform research.] We will retain Log Data consistent with applicable legal requirements. We may purge the Log Data from our systems in accordance with any legal requirements. In the event of an investigation by law enforcement or a response to claims or legal process, we may retain the Log Data until such investigation or process is completed.
We take safeguarding your information very seriously. We employ generally-accepted, industry-standard administrative, physical and electronic measures designed to protect the Personal Information submitted to us from unauthorized access, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic data storage is 100% secure, however. Therefore, while we strive to use appropriate means to protect your Personal Information, we cannot guarantee its absolute security.
We will make disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable laws related to security breach notification) as required by law. We will make such disclosures to you via email or conspicuous posting on the Site in the most expedient time possible and without unreasonable delay. In the course of responding to a breach, we will only disclose your “personal information” to the extent required by and consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
In the event that all or part of our assets are sold or acquired by another party, or in the event of a merger with another party, you grant us the right to assign the information collected via the Service to such other party.
XI. International Transfer
XII. Our Policy Toward Children
The Service is not directed to children under 18. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at [TBD]. If we become aware that a child under 13 has provided us with Personal Information, we will delete such information from our files.
XIII. Your California Privacy Rights
Beginning on January 1, 2005, California Civil Code Section 1798.83 permits our visitors who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at email@example.com.
XIV. Contact Us
If you have any questions or concerns, please contact us at firstname.lastname@example.org.