Last Updated: March 2022

The University of Chicago (the “University” or “we”) is committed to protecting the privacy of the Nightingale Open Science user community. The intent of this Privacy Policy is to inform you of our policies and procedures regarding the collection, use and disclosure of the information we receive from users of the Nightingale Open Science web site hosted at (the “Site”), and of the logged-in Nightingale Open Science platform on the Site (together with the Site, the “Service”).

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on the Site and updating the “Updated” date above. We reserve the right to modify this Privacy Policy at any time, so please review it frequently. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Nightingale Open Science Terms of Service available at

As used in this policy, the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis, and using or handling information in any way, including without limitation collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within the United States or internationally.

I.  Information Collection

Below are the types and categories of information that we collect.  We collect and use the personal data described below in order to provide you with the Services in a reliable and secure manner. We also collect and use personal data for our legitimate business needs. To the extent we process your personal data for other purposes, we ask for your consent in advance or require that your organization obtain such consent. 

A.  Personal Information

When you register with us through the Site or use certain features of the Service we will ask you for personally identifiable information. This refers to information about you that can be used to contact or identify you (“Personal Information”). The Personal Information you will be required to provide consists of your name and a verifiable email address. In addition, you may be required to provide additional Personal Information, such as a phone number, and an address, when joining certain groups, depending on the policies set by that group’s administrators.

We treat the Internet Protocol (IP) address of your computer, which is collected as Log Data, as Personal Information. We also treat your account name(s) as Personal Information.

B.  Non-Identifying Information

We may also ask you for other information that is not personally identifiable that you provide as part of your “user profile”, such as your organization, your non-profit status, and your preferred time zone (“Non-Identifying Information”).

We may also ask you for other information that is not personally identifiable that you provide as part of using our service, such as endpoint name, transfer label, and bookmark name.  We treat this information as Non-Identifying Information and do not treat it as Personal Information. Therefore, we recommend that you do not include any personally identifiable information in such information.

The file names of files that you access or manage via the Service are not treated as Personal Information. Such information is treated as Non-Identifying Information. Therefore, we recommend that you do not include any personally identifiable information in the file names of files that you transfer via the Service. 

C.  Log Data

When you visit the Site or use the Service, whether logged into a Nightingale Open Science account or as a non-registered user just browsing (any of these, a “Nightingale Open Science User”), our servers automatically record information about your use of the Service and your visit to the Site (“Log Data”). This Log Data includes: information about your data management activities, such as filenames and other file metadata (but not the file contents); your computer’s Internet Protocol (IP) address; your browser type; what Software you were using with the Service; the web page you were visiting immediately prior to visiting our Site; pages of our Site that you visited; the time spent on those pages; information you searched for on our Site; access times and dates].  Log Data may include Personal Information.

II.  Use of Information

Our primary goals in using information we collect are to provide and improve the Service, the Site and the related features and content. We know that our users’ Personal Information is of the most concern, and we take this into consideration prior to using their Personal Information.  In this regard, we use Personal Information in the following ways:

A.  Service Improvement

We may combine your Personal Information with Non-Identifying Information and Log Data, and aggregate it with information collected from other Nightingale Open Science Users, to attempt to provide you with a better experience, to improve the quality and value of the Service, and to analyze and understand how our Site and Service are used. We may disclose your Personal Information to third party services that are used to provide additional capabilities such as support ticket system and to improve the service. Subject to the section below titled “Sharing and Disclosure of Information,” we may also use the combined information without aggregating it to serve you specifically, for instance to deliver a product to you according to your preferences or restrictions.

B.  Marketing

We also use your Personal Information, perhaps in combination with Non-Identifying Information and Log Data, to contact you with Nightingale Open Science newsletters, marketing or promotional materials and other information that may be of interest to you. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or email us at [TBD] with an explicit request to have your information removed from our mailing list. We will comply with your request as soon as reasonably practicable. In no event will we make your Personal Information or email address available for a fee, or for marketing not related to Nightingale Open Science.

C.  Service Delivery

We also use your Personal Information, perhaps in combination with Non-Identifying Information and Log Data, to provide you with the services that you may request from us.  For example, if you are using the Service, we may use your Personal Information to facilitate the transfer of your files or data.  We also may use your Personal Information to deliver you other services, such as educational content or information, newsletters or software you request.  Finally, we may use your information to communicate Service-related information with you via email or other means, in response to an inquiry by you, or to otherwise alert you to the status of activities you have requested from the Service.

D.  Research

We may use your Personal Information for research purposes. All human subjects research we conduct using your Personal Information is reviewed by an Institutional Review Board to ensure protection of your interests. We never disclose your Personal Information in research publications or in any other method of disclosing research results. 

III.  Sharing and Disclosure of Information

Below we describe the ways that we share the information that we collect via the Service, including your Personal Information, Non-Identifying Information, and Log Data (collectively referred to as “information.”)  Other than as described in this section, we do not rent or share information about you with third parties.

A.  Aggregate Information and Non-Identifying Information

We may share aggregated data that does not include Personal Information and we may otherwise disclose Non-Identifying Information and Log Data with third parties for industry analysis, demographic profiling and other purposes. Any aggregated data shared in these contexts will not contain your Personal Information.

B.  Service Providers

We may employ or partner with third party companies, organizations and individuals to facilitate our Service, to provide the Service on our behalf, and to perform Service-related services or to facilitate services to our end-users (“Service Providers”). The types of Service Providers we may use include, without limitation, service providers that provide the following types of services: customer support, software development, hosting, accounting, web and user analytics, customer relationship management, webcasting, website maintenance, database management, transferring data or files at the request of a user, and web and live chat hosting. Our Service Providers have access to your information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

C.  Your Organization

We may share all information about you or otherwise collected via the Service with your affiliated organization.

D. Compliance with Laws and Law Enforcement

We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including without limitation subpoenas), to protect our property and rights or those of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.

E.  Sharing Your Information With Other Users

Other Nightingale Open Science Users may be able to see your Personal Information and Non-Identifying Information in your user profile.

Access to some resources and features may require that you share your information with other Nightingale Open Science Users. For example, a group manager may require that you share certain information with them before they will admit you to the group. However, all such information sharing is under your control, and which you will be requested to consent.

Non-Identifying Information and Personal Information may be shared with the administrators of resources that you access via Nightingale Open Science. 

F.  Reorganization

We may share your Personal Information in the event of a reorganization, or in the event we merge or assign all or part of our assets to another party, but such other party shall have the same obligations with respect to your information under this Privacy Policy as we do.

IV.  Cookies

Like many web sites, our Site use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s local storage for record-keeping purposes. We use cookies for two purposes. First, we utilize persistent cookies to save your account identifier and other preferences for future logins to the Site, and to analyze Site traffic. Second, we utilize session cookies to enable certain features of the Site, to better understand how you interact with the Site and to monitor aggregate usage by Nightingale Open Science Users and general web traffic on the Site. We link the information we store in cookies to the Personal Information you submit to us while you are on the Site. Unlike persistent cookies, session cookies are deleted from your computer when you close your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the web sites you visit. If you do not accept cookies, however, you may not be able to use all portions of the Site or all the functionality of the Service. 

V.  Individual Rights

Various jurisdictions grant individuals rights regarding their data, including: (i) the right to request access to your information held by Nightingale Open Science; (ii) the right to have inaccurate or incomplete personal data rectified; (iii) the right to erasure of your information, provided there is no legitimate reason for the University to continue to process or retain the information; (iv) the right to restrict processing of your information in specific situations; (v) the right to request provision of some elements of your information (vi) the right to object to processing of your information, including to sending you communications that may be considered direct-marketing materials; (vii) the right to object to automated decision-making and profiling, where applicable.  All requests to exercise any of these rights should be made to Nightingale Open Science at the contact information provided at the end of this Privacy Policy.

While we encourage you to bring your concerns to us in the first instance, in certain jurisdictions, you may also have the right to submit a complaint to the jurisdiction’s supervisory authority for data protection matters.

VI.  Phishing

Identity theft and the practice currently known as “phishing” are of great concern to us. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your credit card information, login password, or national identification numbers in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission’s website.

VII.  Changing or Deleting Your Information

You may review, update, correct or delete the Personal Information in your account profile by logging into your account and changing the “user profile” information associated with your account, though such changes may impact your group memberships and associated access rights to certain resources. In order to delete your account please submit a support request by emailing

VIII.  Data Retention Policy

We may retain your account information until you have requested that we delete your account on the Service. [We may retain your Personal Information until it is no longer necessary to deliver or improve our service. We may retain Personal Information for research purposes until it no longer has the potential to inform research.] We will retain Log Data consistent with applicable legal requirements. We may purge the Log Data from our systems in accordance with any legal requirements. In the event of an investigation by law enforcement or a response to claims or legal process, we may retain the Log Data until such investigation or process is completed.

IX.  Security

We take safeguarding your information very seriously. We employ generally-accepted, industry-standard administrative, physical and electronic measures designed to protect the Personal Information submitted to us from unauthorized access, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic data storage is 100% secure, however. Therefore, while we strive to use appropriate means to protect your Personal Information, we cannot guarantee its absolute security.

We will make disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable laws related to security breach notification) as required by law. We will make such disclosures to you via email or conspicuous posting on the Site in the most expedient time possible and without unreasonable delay. In the course of responding to a breach, we will only disclose your “personal information” to the extent required by and consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

X.  Assignment

In the event that all or part of our assets are sold or acquired by another party, or in the event of a merger with another party, you grant us the right to assign the information collected via the Service to such other party.

XI.  International Transfer

Your information may be transferred to “and maintained on” computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, you should be aware that we transfer Personal Information to the United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to such transfer.

XII.  Our Policy Toward Children

The Service is not directed to children under 18. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at [TBD]. If we become aware that a child under 13 has provided us with Personal Information, we will delete such information from our files.

XIII.  Your California Privacy Rights

Beginning on January 1, 2005, California Civil Code Section 1798.83 permits our visitors who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at

XIV.  Contact Us

If you have any questions or concerns, please contact us at