Permalink
Find file
executable file 185 lines (91 sloc) 30.2 KB

CENTER FOR OPEN SCIENCE, INC.
PRIVACY POLICY

Center for Open Science, Inc. (referred to as "COS", "Open Science Framework", "OSF", "us" "our" and "we") is a nonprofit organization that operates certain websites at the cos.io (or centerforopenscience.org) and the osf.io (or openscienceframework.org) URLs ("Websites" or "Services"). COS conducts research on scientific practices and provides grants for relevant projects. COS fosters an open and interactive community among open source developers, open science researchers, and the broader scientific community. We also support and improve the scientific workflow by connecting technologies that researchers use by means of our development and administration of the Open Science Framework.

Our mission is to increase the openness, integrity, and reproducibility of scientific research and scholarly communication by creating and operating an open access infrastructure (referred to as "OSF" or the "Framework") to support the entire research lifecycle from planning, execution, reporting, archiving and discovery. The use of our Websites and Services are free of charge. This Privacy Policy applies to contributors of content to, and users of, our Websites and Services.

In this document, we use "you" to refer to researchers and other users of our Websites and Services. We do not collect any personally identifiable information about you when you visit our Websites unless you choose to provide us with that information. We do not collect information from you for commercial marketing or any other purpose unrelated to our purpose.

Our goal is to provide you with a personalized online experience that provides you with the information, resources, and services that are most relevant and helpful to you. This Privacy Policy has been written to describe the conditions under which our Websites and Services are made available to you. Our Privacy Policy discusses, among other things, how data obtained during your visits to our Websites may be collected and used. Our Privacy Policy also discusses important limitations to the way you may use materials and services you find on the site. Read the Privacy Policy carefully. By using this site, you will be deemed to have accepted the terms of this Policy. If you do not agree to accept the terms of the Privacy Policy, you are directed to discontinue accessing or otherwise using the site or any materials obtained from it.

We protect your personal information using industry-standard safeguards. We may share your information with your consent or as required by law as detailed in this policy, and we will let you know when we make changes to this Privacy Policy by posting changes to the site.

  1. CONSENT

    By using our Websites and Services, and/or by permitting the deposit and/or publication of your personal information on or through our Websites, you agree to the terms of this Privacy Policy. More information on specific privacy settings for Projects is provided in Section 11.

  2. SITES COVERED BY THIS PRIVACY POLICY

    This Privacy Policy applies to the COS Websites located at centerforopenscience.org and osf.io. Our privacy practices are based on three levels of openness and privacy, which are set by the Administrator of each Project, namely, public , limited access, and private access. These levels of privacy are described in Section 11 of this Policy.

  3. CHANGES TO THIS PRIVACY POLICY

    The process of maintaining a website is an evolving one, and COS may modify and amend this Privacy Policy by posting a new Policy on our Websites. Please review any posted changes to our Privacy Policy carefully. If you agree to the terms, simply continue to use our Websites and Services. If you object to any of the changes to our Privacy Policy, please do not continue to access our Websites or use our Services, as your continued use of our Websites and Services after we've posted a notice of changes to the Privacy Policy shall constitute your consent to the changed terms or practices.

  4. CHILDREN'S PRIVACY

    COS is committed to protecting the privacy needs of children. COS does not intentionally collect information from children under the age of 13, and COS does not target its sites to children. Only persons who are more than 18 years old or an emancipated minor may use our Websites and Services. By accessing our Websites and Services, you are legally acknowledging that you are over the age of 18 or an emancipated minor. If you are under the age of 18, you don't have the legal right to access our Websites and Services.

  5. CALIFORNIA SHINE THE LIGHT LAW

    California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us, once per calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year. To obtain this information, please email us at contact@cos.io with the subject line "Request for California Privacy Information", we will send you a reply e-mail containing the requested information. Not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing will be included in our response.

  6. SECURITY

    We have implemented industry-standard security safeguards designed to protect the personal information that you may provide. We also periodically monitor our system for possible vulnerabilities and attacks, consistent with industry standards. You should be aware, however, that since the Internet is not a 100% secure environment, we cannot ensure or warrant the security of any information that you submit to the site. There's also no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It's your responsibility to protect the security and integrity of your account details, including your username and password. To maintain the security of your information (or another user's personal information that you are authorized to manage as an Administrator), you must keep your username(s) and password(s) strictly confidential and not disclose them to anyone. You will be solely responsible for any action, activities, and access to our Websites and Services that are taken using your username and password and that occurred before you notified us of their loss. If you become aware of any security breach of your password or of the security of the Websites or Services, you must contact us as soon as possible at security@osf.io.

  7. TYPES OF INFORMATION WE COLLECT

    (a) Registration.

    Unless you are a member of the general public with limited viewing rights, in order to fully use the COS Websites and Services, you will need to create an account by providing us with at least your name, email address, and a password. You can choose to provide other information about yourself in your account profile during the registration process (for example, your organizational or company affiliation, your level of education, location, your job title, professional experience, professional affiliations and memberships, etc.). This information that you voluntarily provide may be seen by other users who view your profile.

    We use this additional information to provide you with more customized services, and this information may be viewable by others. You understand that, by creating or claiming an account, COS and others within your Project's level of access will be able to identify you by your profile, and you agree to allow COS to use this information in accordance with this Privacy Policy and our Terms of Use. You must follow this link to our Terms of Use in order to understand the terms of your relationship with COS. On some pages of our Websites, you may be able to request information, subscribe to mailing lists, participate in online discussions, collaborate on documents, provide feedback, submit information into registries, register for events, apply for membership, or join committees or working groups. The types of personal information you provide to us on these pages may include your name, address, phone number, e-mail address, user IDs, passwords, or other information that relates to you personally.

    (b) Group Participation.

    We may collect information when you use our Websites, such as when you join and participate in any group, participate in any polls or surveys, or otherwise interact with other users within the community.

    (c) Non-Personal Information.

    Non-personal information is data about usage and service operation that is not directly associated with a specific personal identity COS may collect, analyze, and share aggregated non-personal information to evaluate how visitors use our Websites and Services.

    (d) Aggregate Information.

    COS may collect aggregate information, which refers to information your computer automatically provides us and that cannot be tied back to you as a specific individual. This information can be shared with third parties without restriction. Examples include referral data (the sites you visited just before and just after our site), the pages viewed, the date of your visit, time spent at our Websites, and your Internet Protocol (IP) addresses. An IP address is a number that is automatically assigned to your computer whenever you access the Internet. For example, when you request a page from one of our sites, our servers log your IP address to create aggregate reports on user demographics, traffic patterns, metascience, and for purposes of system administration.

    (e) Log Files and IP Addresses.

    We may collect information from the devices and networks that you use to visit the Websites in order to help improve the services we provide. Every time you request or download a file from the site, COS may store data about these events and your IP address in a log file. We may use this information to analyze trends, administer the site, track users' movements, and gather broad demographic information for aggregate use or for other business purposes. When you access or leave our Websites by clicking on a hyperlink, we receive the URL from the site from which you last visited or the one to which you're directed. We may receive the Internet Protocol ("IP") address of your computer or proxy server used to access the site, your operating system, the type of browser you used, and the type of device and/or operating system you use, the Application Programming Interface ("API") you use, or your mobile device carrier or your ISP. We also may receive location data passed to us from third-party services or GPS-enabled devices that you have set up in order to customize your experience based on location information.

    (f) Cookies.

    We use cookies and similar technologies, including mobile device identifiers, to help us recognize you when you log into our Websites and Services. By accessing our Websites, you are consenting to the placement of cookies and other similar technologies in your browser in accordance with this Privacy Policy and our Terms of Use.

    Cookies are small packets of information that a site's computer stores on your computer. COS can then read the cookies whenever you visit our Websites. We may use cookies in a number of ways, such as to save the fact that you are logged into the system so you don't have to relogin each time you visit our Websites, to deliver content specific to your interests, and to track the pages you've visited. These cookies allow us to use the information we collect to customize your experience so that your visit to our Websites and your use of our Services are as relevant and as valuable to you as possible. You may modify and control how and when cookies are set through your browser settings. Most browsers offer instructions on how to reset the browser to control or reject cookies in the "Help" section of the toolbar. We do not link non-personal information from cookies to personally identifiable information without your permission.

    (g) Web Beacons.

    Our Websites also may use web beacons and other technologies, such as pixels and javascript tags, to collect non-personal information about your use of our site and the sites you visit, your use of special announcements or newsletters, and other activities. The information collected by web beacons allows us, for example, to statistically monitor how many people are using our Websites; how many people open our emails; and for what purposes these actions are being taken. We do not share personally identifiable information with any third-party advertisers, but we may show you sponsored content from our members and affiliates.

    (h) New Technologies.

    As new technologies emerge, COS may be able to improve our services or provide you with new ones, which means that COS may create new ways to collect information on our Websites. If we offer a new service or new features to our existing Websites, for example, these changes may result in our collecting new information in order to improve your user experience.

  8. COS ADMINISTRATORS AND MODERATORS

    If you contact COS, we collect information that helps us categorize your question or report, respond to it, and, if applicable, investigate any breach of our Terms of Use or this Privacy Policy. We also may use this information to track potential problems and trends in order to improve our services to you and to the community as a whole.

  9. LINKS TO THIRD-PARTY SITES AND SERVICES

    Our Websites and Services may provide links to third-party sites for the convenience of our users. If you access those links or third-party add-ons, you will leave our Websites or use the services of another Website. COS does not control these third-party sites and cannot represent that their policies and practices will be consistent with this Privacy Policy or our Terms of Use. For example, other sites may collect or use personal information about you in a manner different from that described in this document. You should be aware that materials available through third-party sites may be protected from unauthorized copying and dissemination by U.S. copyright law, trademark law, international conventions, and other intellectual property laws, and the usage of such materials may be subject to limitations that are more or less restrictive than those expressed herein. Therefore, you should use other sites with caution, and you do so at your own risk. We encourage you to review the privacy policy of any site before submitting personal information.

    We may receive information when you use your account to log into a third-party site or application in order to recommend tailored information to you and to improve your user experience on our Websites. We may provide reports containing aggregated impression information to third parties to measure Internet traffic and usage patterns.

  10. DEFINITIONS.

    In our Privacy Policy and Terms of Use, we use "you" to refer to researchers and other users of the Websites and OSF. We also use the following defined terms:

    (a) Project. A "Project" is an individual or collaborative enterprise that also may have oversight and control over smaller component(s) of the Project.

    (b). Content. As used in these Terms of Use, "content" means any research, data, text, images, software and software code, data sets, information or other materials.

    (c) Users. All Users must accept the COS Terms of Use and Privacy Policy.

    (d) Administrator. An administrator is an individual who has full rights to control all aspects of a Project. An Administrator may create a Project or components of a Project, create and change passwords, create and change permissions, identify the legal terms that govern the ownership of the intellectual property in Content deposited into a Project or a Project component or identify the license restrictions governing the use of the intellectual property incorporated into the Project or a Project component, control and modify access and privacy settings for the Project and its components, create templates for the administration of a Project, set and modify license terms for the use of Content, invite other users to contribute to a Project or a component of a project, authorize Public API add-ons, remove Projects or Project Components from the COS Websites and Services. Administrators must have the authority to bind the individual Administrator's business, organization or institution to COS's Terms of Use and Privacy Policy.

    (e) Proxy. A Proxy is a person to whom the Administrator has granted the authority to manage a Project or Project component on his or her behalf, which may including setting and modifying user access, privacy settings, license terms, and editing and depositing Content.

    (f) Contributing User. A Contributing User may access, deposit, and edit Content to a Project or a Project component.

    (g) Active User. An Active User may have select interactive use of the COS Websites and Services, subject to restrictions imposed by the Administrator.

    (h) Passive User. A passive user, including journal editors/reviewers, other scientists, and members of the general public, may use the COS Websites and Services solely as an information resource without any ability to change or modify any Project content.

    (i) Public API. An application program interface available to the public to facilitate computer communication with OSF. COS Websites and Services are accessible via various Public APIs, including but not limited to, GitHub, Twitter, Facebook, YouTube, Google Scholar and Google Groups, and LinkedIn.

    (j) Privacy Settings. Privacy Settings define whether Project Content may be publicly displayed, displayed with restricted access to a limited group, or private.

    (k) Trusted Party. A Trusted Party is an individual or organization to which the Administrator has given the right to view, edit, and/or deposit specific data within a Project or Project component.

  11. PRIVACY SETTINGS

    Projects and Project components can be created by an Administrator. The Administrator may choose whether to designate and make Content public, limited access or private. If an Administrator wishes to send you an invitation to participate in a Project or Project component, the Administrator or COS will send you an email. Once you accept the invitation, your personal profile information may be made available to others collaborating on the Project, subject to the specific privacy access restrictions imposed by the Administrator of your Project.

    (a) Public. Content originally designated by the Administrator as "Public" will be available to the public. If you accept an invitation to participate in a Project, your personal profile information may be shared with the general public.

    (b) Limited Access. Content marked as "Limited Access" may be viewed through our Websites and Services by the Project Administrator, a Proxy, a Contributing User, an Active or Passive User, and a Trusted Party, subject to the restrictions imposed by the Administrator.

    (c) Private. Content marked as "Private" may be viewed only by those specifically designated by the Administrator.

    If an Administrator changes the privacy settings of a Project, those changes will be applied prospectively. For example, if an Administrator changes a privacy setting from "Public" to "Private" or "Limited Access", there is no way for COS to restrict people who have previously viewed or downloaded the previously publicly accessible Content from using it.

  12. HOW WE USE YOUR PERSONAL INFORMATION

    When you register with COS, you acknowledge that information you provide on your membership profile may be seen by others and used by COS as described in this Privacy Policy and our Terms of Use.

    (a) Consent to COS to Use Personal Information.

    COS may use personal information you supply to provide services that support the activities of the organization, its members, and their collaboration on Projects. When accessing the Websites, your personal user information may be tracked by COS in order to support collaboration, ensure authorized access, and enable communication between collaborators.

    The personal information you may provide to COS may reveal or allow others to discern aspects of your life that are not expressly stated in your profile (for example, your picture or your name may reveal your gender). By providing personal information to us when you create or update your account and profile, you are expressly and voluntarily accepting the terms and conditions of our Terms of Use and freely accepting and agreeing to our processing of your personal information in ways set out by this Privacy Policy. Supplying information to us, including any information deemed "sensitive" by applicable law, is entirely voluntary on your part. You may withdraw your consent to COS's collection and processing of your information by changing or closing your account.

    (b) Communications from COS.

    We use the information you provide to customize your experience on the site. We may communicate with you using email or other means available to us regarding the availability of services, service-related issues, or announcements that we believe may be of interest to you. We may, for example, send you welcome messages and emails regarding new features or services, and promotional information from COS. You may opt out of receiving promotional messages from COS by following the instructions contained in the email. As long as you're a registered user, however, you can't opt out of receiving service messages from us. COS may also use personal information in order to customize content on the site to you, such as news relevant to you or to your industry or company.

    (c) Communications from Others.

    Personal contact information may be provided to other members of a Project on a secure site to encourage and facilitate collaboration, research, and the free exchange of information. Please remember that any information (including personal information) that you disclose on the public sections of our Websites, such as forums, message boards, and news groups, becomes public information that others may collect, circulate, and use. Because we cannot and do not control the acts of others, you should exercise caution when deciding to disclose information about yourself or others in public forums such as these.

    (d) Sharing Information with Third Parties.

    COS may share your personal information with our vendors, agents or contractors, such as a vendor that may host COS's servers, but only on a "need to know" basis to help us operate our Websites and Services. By providing us with your personal information during the user registration process and by agreeing to the terms of this Privacy Policy, you expressly consent to our storing, processing, and distributing your information for these purposes.

    Information you put on your profile and any messages or comments you post on the public areas of our Websites may be seen by others. In keeping with our open process, COS may maintain publicly accessible archives of Projects for which the privacy level is designated as or amended to "Public" by the Administrator. In addition, should you post a comment or send an email to any of COS's hosted mail lists or discussion forums, subscribe to one of our newsletters or register for one of our public meetings, your email address may become part of the publicly accessible archives.

    Information on our Websites may result in display of some of your personal information outside of COS. For example, when you post messages or comments that are open for public review and/or discussion, your profile information, including your name as the contributor and your email address, may be displayed in public search engine results. Similarly, if you post to public areas of our Websites using a Public API such as Twitter, Facebook, or Google Groups, your account profiles associated with these third party products may be displayed to the public. Your public profile also may be indexed and displayed through public search engines when someone searches for your name on our Websites.

    You are responsible for any information you post on our Websites, and, subject to our Terms of Use and Privacy Policy, this information may be accessible to others. Accordingly, you should be aware that any information you choose to disclose on our Websites or Services may be read, collected, and used by other users within COS, and in the case of Projects and forums open to the public, by third parties. COS is not responsible for the information you choose to submit on our Websites.

    COS does not rent or sell or otherwise distribute personal information that you have shared with us, except as permitted in this Privacy Policy and our Terms of Use. We will not disclose personal information that is associated with your profile unless COS has a good faith belief that disclosure is permitted by law or is reasonably necessary to: (1) comply with a legal requirement or process, including, but not limited to, civil and criminal subpoenas, court orders or other compulsory disclosures; (2) investigate and enforce this Privacy Policy or our Terms Use; (3) respond to claims of a violation of the rights of third parties; (4) respond to member service inquiries; (5) protect the rights, property, or safety of COS, our users, or the public; or (6) as part of the sale of the assets of COS or as a change in control of the organization or one of its affiliates or in preparation for any of these events. COS reserves the right to supply any such information to any organization into which COS may merge in the future or to which it may make any transfer in order to enable a third party to continue part or all of the organization's mission. Any third party to which COS transfers or sells its assets will have the right to use the personal and other information that you provide in the manner set out in this Privacy Policy.

  13. DATA TRANSFER

    COS may store and process personal information on servers or on a cloud located outside of the country where you originally deposited data. The data protection laws of the country or countries where this personal information will be stored or processed might not be as comprehensive as those in your country. If you are unsure whether this Privacy Policy is in conflict with applicable local rules, you should not submit your information. If you are located within the European Union, you should note that your information will be transferred to the United States, which is deemed by the European Union to have inadequate data protection. By using our Websites and/or directly providing personal information to us, you hereby agree to and acknowledge your understanding of the terms of this Privacy Policy, and consent to have your personal data transferred to and processed in the United States and/or in other jurisdictions as determined by COS, notwithstanding your country of origin, or country, state and/or province of residence.

  14. GOVERNING LAW

    This Privacy Policy is governed in all respects by the laws of the Commonwealth of Virginia, excluding that state's conflicts of laws provisions. Any action or proceeding arising out of or related to this Policy or your use of the Websites or Services must be brought in the state or federal courts of the Commonwealth of Virginia, and you consent to the exclusive personal jurisdiction and venue of such courts. Any cause of action you may have with respect to this Policy or your use of the Websites or Services must be commenced within one (1) year after the claim or cause of action arises.

  15. YOUR OPT-OUT OPTIONS

    You may access, modify, correct, or delete your personal information controlled by COS regarding your profile, and you may close your account. You can also contact us for any account information which is not on your profile or readily accessible to you. If you close your account, some or all of your profile information may continue to remain visible on the Websites.

    You should be aware that information that you've shared with others or that others have copied may also remain visible after you have closed your account or deleted the information from your own profile. In addition, you may not be able to access, correct, or eliminate any information about you that other users have copied or exported out of the Websites, because this information may not be in our organization's control. Your public profile may be displayed in search engine results.

    From time to time COS may email you electronic newsletters, announcements, surveys or other information unrelated to any Project. If you prefer not to receive any or all of these communications, you may opt out by following the directions provided within the electronic newsletters and announcements. COS also may conduct polls and surveys of our users, and your participation in this type of research is at your sole discretion. COS may follow up with you regarding your participation in this research. You may at any time opt out of participating in these polls and surveys.

    Further, COS may send you occasional Service-related emails that you may not opt-out of (e.g. changes or updates to features of our Services that have security or privacy implications, technical and security notices, account verification).

  16. DATA RETENTION

    We will keep your personal information for as long as your account is active or as needed to comply with our legal obligations, even after you've closed your account, such as to meet regulatory requirements, resolve disputes between users, to prevent fraud and abuse, or to enforce this Privacy Policy and our Terms of Use. We may be required to retain personal information for a limited period of time if requested by law enforcement. We also may retain indefinitely non-personally identifiable, aggregate data to facilitate our ongoing operations.

  17. CONTACTING US

    Questions about this Privacy Policy can be directed to contact@centerforopenscience.org. Support is provided in English only.

    This Privacy Policy was last updated on August 11, 2014.