CENTER FOR OPEN SCIENCE, INC.
Center for Open Science, Inc. (referred to as "COS", "Open Science Framework", "OSF", "us" "our" and "we") is a nonprofit organization that operates certain websites at the cos.io (or centerforopenscience.org) and the osf.io (or openscienceframework.org) URLs ("Websites" or "Services"). COS conducts research on scientific practices and provides grants for relevant projects. COS fosters an open and interactive community among open-source developers, open-science researchers, and the broader scientific community. We also support and improve the scientific workflow by connecting technologies that researchers use by means of our development and administration of OSF.
4. CHILDREN'S PRIVACY
COS is committed to protecting the privacy needs of children. COS does not intentionally collect information from children under the age of 16, and COS does not target its sites to children. Only persons who are more than 18 years-old or an emancipated minor may use our Websites and Services. By accessing our Websites and Services, you are legally acknowledging that you are over the age of 18 or an emancipated minor. If you are under the age of 18, you don't have the legal right to access our Websites and Services.
5. CALIFORNIA SHINE THE LIGHT LAW
California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us, once per calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year. To obtain this information, please email us at firstname.lastname@example.org with the subject line "Request for California Privacy Information", we will send you a reply e-mail containing the requested information. Not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing will be included in our response.
We have implemented industry-standard security safeguards designed to protect the personal information that you may provide. We also periodically monitor our system for possible vulnerabilities and attacks, consistent with industry standards. You should be aware, however, that since the Internet is not a 100% secure environment, we cannot ensure or warrant the security of any information that you submit to the site. There's also no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It's your responsibility to protect the security and integrity of your account details, including your username and password. To maintain the security of your information (or another user's personal information that you are authorized to manage as an Administrator), you must keep your username(s) and password(s) strictly confidential and not disclose them to anyone. You will be solely responsible for any action, activities, and access to our Websites and Services that are taken using your username and password and that occurred before you notified us of their loss. If you become aware of any security breach of your password or of the security of the Websites or Services, you must contact us as soon as possible at email@example.com.
7. TYPES OF INFORMATION WE COLLECT
Unless you are a member of the general public with limited viewing rights, in order to fully use the COS Websites and Services, you will need to create an account by providing us with at least your name, email address, and a password. You can choose to provide other information about yourself in your account profile during the registration process (for example, your organizational or company affiliation, your level of education, location, your job title, professional experience, professional affiliations and memberships, etc.). This information that you voluntarily provide may be seen by other users who view your profile. We collect this information only with your consent.
(b) Group Participation
We may collect information when you use our Websites, such as when you join and participate in any group, participate in any polls or surveys, or otherwise interact with other users within the community.
(c) Non-Personal Information
Non-personal information is data about usage and service operation that is not directly associated with a specific personal identity COS may collect, analyze, and share aggregated non-personal information to evaluate how visitors use our Websites and Services.
(d) Aggregate Information
COS may collect aggregate information, which refers to information your computer automatically provides us and that cannot be tied back to you as a specific individual. This information can be shared with third parties without restriction. Examples include referral data (the sites you visited just before and just after our site), the pages viewed, the date of your visit, and time spent at our Websites.
(e) Log Files and IP Addresses
We may collect information from the devices and networks that you use to visit the Websites in order to help improve the services we provide, including your Internet Protocol Address (IP Address). An IP address is a number that is automatically assigned to your computer whenever you access the Internet. For example, when you request a page from one of our sites, our servers log your IP address to create aggregate reports on user demographics, traffic patterns, metascience, and for purposes of system administration. Every time you request or download a file from the site, COS may store data about these events and your IP address in a log file. We may use this information to analyze trends, administer the site, track users' movements, and gather broad demographic information for aggregate use or for other business purposes. When you access or leave our Websites by clicking on a hyperlink, we receive the URL from the site from which you last visited or the one to which you're directed. We may receive the Internet Protocol ("IP") address of your computer or proxy server used to access the site, your operating system, the type of browser you used, and the type of device you use, the Application Programming Interface ("API") you use, or your mobile device carrier or your ISP. We also may receive location data passed to us from third-party services or GPS-enabled devices that you have set up in order to customize your experience based on location information.
(g) Web Beacons
(h) New Technologies
As new technologies emerge, COS may be able to improve our services or provide you with new ones, which means that COS may create new ways to collect information on our Websites. If we offer a new service or new features to our existing Websites, for example, these changes may result in our collecting new information in order to improve your user experience.
8. COS ADMINISTRATORS AND MODERATORS
9. LINKS TO THIRD-PARTY SITES AND SERVICES
We may receive information when you use your account to log into a third-party site or application in order to recommend tailored information to you and to improve your user experience on our Websites. We may provide reports containing aggregated impression information to third parties to measure Internet traffic and usage patterns.
Project. A "Project" is an individual or collaborative enterprise that also may have embedded within it subproject(s) or "Project components" or "component(s)" of the Project.
Preprint. A “Preprint” is a publicly shared document and associated metadata. Preprints cannot be deleted, but can be withdrawn, leaving behind metadata about the resource.
Registration. A “Registration” is a frozen (uneditable), timestamped version of a Project and/or its Components. Registrations cannot be deleted, but can be withdrawn, leaving behind basic metadata about the resource.
Collection. A “Collection” is a group of content hosted on OSF. Examples include OSF Preprints, OSF Registries, OSF Meetings, and branded community-organized services utilizing OSF infrastructure.
Proxy. A Proxy is a person to whom the Administrator has granted the authority to manage a Project or Project component on his or her behalf, which may include setting and modifying user access, privacy settings, license terms, and editing and depositing Content.
Contributing User. A Contributing User may access, deposit, and edit Content to a Project, Project component, or Preprint.
Active User. An Active User may have select interactive use of the Websites and Services, subject to restrictions imposed by the Administrator.
Passive User. A passive user, including journal editors/reviewers, other scientists, and members of the general public, may use the Websites and Services solely as an information resource without any ability to change or modify any Project content.
Collection Admin. A Collection Admin is an individual who determines content requirements and moderation settings for a Collection and assigns Reviewers.
Reviewer. A reviewer may use the Website and Services to review content submitted to a Collection, provide comment on it, accept or reject its submission to the Collection, and update its metadata as it relates to the Collection.
Public API. An application program interface available to the public to facilitate computer communication with the OSF. Parts or all of the Websites and Services are accessible via various Public APIs, including but not limited to, GitHub, Twitter, Facebook, YouTube, Google Scholar and Google Groups, and LinkedIn.
Privacy Settings. Privacy Settings define whether Project Content may be publicly displayed, displayed with restricted access to a limited group, or private.
Trusted Party. A Trusted Party is an individual or organization to which the Administrator has given the right to view, edit, and/or deposit specific data within a Project or Project component.
11. PRIVACY SETTINGS
Projects, Project components, Preprints, and Registrations can be created by an Administrator. The Administrator may choose whether to designate and make Content public, limited access or private. If an Administrator wishes to send you an invitation to participate in a Project, Project component, Preprint, or Registration, the Administrator or COS will send you an email. Once you accept the invitation, your personal profile information may be made available to others collaborating on the Project, Preprint, or Registration, subject to the specific privacy access restrictions imposed by the Administrator of your Project, Preprint, or Registration.
Public. Content marked as "Public" will be available to the public for viewing and commercial and non-commercial use under the terms of the license identified by the Administrator.
Private. Content marked as "Private" may be viewed through the OSF or Public API only by the Administrator(s), a Contributing User of that Project or Component, anyone with a view-only link created by an Administrator, or any designated Proxy. Private data are not shared with the public, Trusted Parties, or other members of the COS. Only the COS employees and our authorized agents' or contractors' staff, with a "need to know" access to manage the Websites and Services and process data for the COS are able to view Private Access Data.
Embargoed. Content marked as “Embargoed” may be viewed through the OSF or Public API only by the Administrator(s), a Contributing User of that Project or Component, anyone with a view-only link created by an Administrator, or any designated Proxy ("Private"), until the Embargo date has passed, at which time the content will be made Public automatically.
Limited Access. Content marked as "Limited Access" may be viewed through our Websites and Services by the Project Administrator, a Proxy, a Contributing User, an Active or Passive User, and a Trusted Party, subject to the restrictions imposed by the Administrator.
Under Review. Content submitted to services using OSF Reviews may be “Private,” yet available to designated Reviewers of the service for viewing and accepting or rejecting.
If an Administrator changes the privacy settings of a Project, those changes will be applied prospectively. For example, if an Administrator changes a privacy setting from "Public" to "Private" or "Limited Access", there is no way for COS to restrict people who have previously viewed or downloaded the previously publicly accessible Content from using it.
12. HOW WE USE YOUR PERSONAL INFORMATION
(a) Consent to COS to Use Personal Information
COS may use personal information you supply to provide services that support the activities of the organization, its members, and their collaboration on Projects: contacting users, understanding aggregate usage of the site, and tailoring services. When accessing the Websites, your personal user information may be tracked by COS in order to support collaboration, ensure authorized access, and enable communication between collaborators.
(b) Communications from COS
We use the information you provide to customize your experience on the site. We may communicate with you using email or other means available to us regarding the availability of services, service-related issues, or announcements that we believe may be of interest to you. We may, for example, send you welcome messages and emails regarding new features or services, and promotional information from COS. You may opt out of receiving promotional messages from COS by following the instructions contained in the email. As long as you're a registered user, however, you can't opt out of receiving service messages from us. COS may also use personal information in order to customize content on the site to you, such as news relevant to you or to your industry or company.
(c) Communications from Others
Personal contact information may be provided to other members of a Project on a secure site to encourage and facilitate collaboration, research, and the free exchange of information. Please remember that any information (including personal information) that you disclose on the public sections of our Websites, such as forums, message boards, and news groups, becomes public information that others may collect, circulate, and use. Because we cannot and do not control the acts of others, you should exercise caution when deciding to disclose information about yourself or others in public forums such as these.
(d) Sharing Information with Third Parties
Information you put on your profile and any messages or comments you post on the public areas of our Websites may be seen by others. In keeping with our open process, COS may maintain publicly accessible archives of Projects for which the privacy level is designated as or amended to "Public" by the Administrator. In addition, should you post a comment or send an email to any of COS's hosted mail lists or discussion forums, subscribe to one of our newsletters or register for one of our public meetings, your email address may become part of the publicly accessible archives.
Information on our Websites may result in display of some of your personal information outside of COS. For example, when you post messages or comments that are open for public review and/or discussion, your profile information, including your name as the contributor and your email address, may be displayed in public search-engine results. Similarly, if you post to public areas of our Websites using a Public API such as Twitter, Facebook, or Google Groups, your account profiles associated with these third-party products may be displayed to the public. Your public profile also may be indexed and displayed through public search engines when someone searches for your name on our Websites.
13. DATA TRANSFER
14. GOVERNING LAW
15. YOUR OPT-OUT OPTIONS
You may access, modify, correct, or delete your personal information controlled by COS regarding your profile, and you may close your account. You can also contact us for any account information which is not on your profile or readily accessible to you. If you close your account, some or all of your profile information may continue to remain visible on the Websites.
You should be aware that information that you've shared with others or that others have copied may also remain visible after you have closed your account or deleted the information from your own profile. In addition, you may not be able to access, correct, or eliminate any information about you that other users have copied or exported out of the Websites, because this information may not be in our organization's control. Your public profile may be displayed in search engine results.
From time to time COS may email you electronic newsletters, announcements, surveys, or other information unrelated to any Project. If you prefer not to receive any or all of these communications, you may opt out by following the directions provided within the electronic newsletters and announcements. COS also may conduct polls and surveys of our users, and your participation in this type of research is at your sole discretion. COS may follow up with you regarding your participation in this research. You may at any time opt out of participating in these polls and surveys.
Further, COS may send you occasional Service-related emails that you may not opt-out of (e.g. changes or updates to features of our Services that have security or privacy implications, technical and security notices, account verification).
16. DATA RETENTION
17. GENERAL DATA PROTECTION REGULATION
If you are a resident of or are located in the European Economic Area (“EEA”), you may have certain rights under the General Data Protection Regulation (“GDPR”). Personal data you provide is only collected with your consent, and may be transmitted outside of the EEA to COS (or computer servers maintained for the benefit of COS) pursuant to that consent.
In general, under the GDPR you may:
- request access to your personal data
- have incomplete or incorrect data corrected
- have your personal data deleted
- suspend or restrict our use of your personal data, or withdraw your consent
- request a copy of your personal data
- complain to a supervisory authority if you believe your rights under the GDPR are not being respected
Should you request a copy of your personal data, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. Should you request the deletion of your personal data, COS will generally do so as soon as practicable, although your right to have your personal data deleted is subject to exceptions, such as, for example, compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
If you consider that our processing of your personal information infringes data-protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
Contact COS at firstname.lastname@example.org if you have concerns regarding your personal data, or wish to exercise any of these listed rights.
Note that, if you are in the EEA, we may transfer your personal data outside of the EEA, including to the United States. By way of example, this may happen if your personal data is transferred to our servers located in a country outside of the EEA. These countries may not have similar data-protection laws to the EEA. By submitting your personal data, you’re agreeing to this transfer, storing, or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
18. CONTACTING US