Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
142 lines (97 sloc) 6.99 KB
path date title noNav
/privacy/privacy/privacy
2018-05-03
Privacy
true

Privacy Notice for Human Cell Atlas Data Portal Public Website

This Privacy Notice explains what personal data is collected by the specific service you are requesting, for what purposes, how it is processed, and how we keep it secure. Note that this service collects personal data directly provided by the user, and also collects personal data from users that is provided by other organizations.

1. Who controls your personal data and how to contact us?

EMBL, Chan Zuckerberg Initiative, UC Santa Cruz and the Broad Institute are joint data controllers of your personal data on behalf of the Human Cell Atlas (HCA) Project, an unincorporated research project without separate legal personality.

For EMBL as data controller, contact details are:

Rolf Apweiler and Ewan Birney, EMBL-EBI Directors
EMBL-EBI
Wellcome Genome Campus, CB10 1SD Hinxton, Cambridgeshire, UK
Email: data-controller@ebi.ac.uk

The EMBL Data Protection Officer contact details are:

EMBL Data Protection Officer
EMBL Heidelberg
Meyerhofstraße 1, 69117 Heidelberg, Germany
Tel: +49 6221 387-0
Email: dpo@embl.org

For the Chan Zuckerberg Initiative as data controller, contact details are:

CZI Legal
Chan Zuckerberg Initiative
900 Middlefield Road, Redwood City, CA 94063, United States
Email: privacy@chanzuckerberg.com

For the University of California, Santa Cruz as data controller, contact details are:

David Haussler
University of California, Santa Cruz
1156 High Street, Santa Cruz, CA 95064, United States
Email: genomics.info@ucsc.edu

For the Broad Institute as data controller, contact details are:

The Office of the Chief Compliance Officer
Broad Institute
415 Main Street, Cambridge, MA 02142, United States
Email: privacy@broadinstitute.org

2. Which is the lawful basis for processing personal data?

We request your consent to process your personal data. If you do not consent to us processing your personal data, we will not be able to provide you access to the service or we will only provide you a subset of functionalities available within the service.

3. What data types are collected from users of the service and how do we use this data?

We collect the following data from users of the service, some of which may be personal data:

  • IP address
  • Client operating system
  • Browser version
  • Date and time of a visit to the service website
  • Statistics on web pages visited
  • Referrer header

If support (without logging in) is requested by users of the service we also collect:

  • Name
  • Email address
  • organization
  • organizational affiliation
  • Date and time when a support request is sent

If users login to the service we also collect:

  • Name
  • Email address
  • organization
  • organizational affiliation
  • Website avatar
  • Authorization refresh and access tokens

The data controller will use your personal data for the following purposes:

  • To provide the user access to the service
  • To communicate with the user regarding support requests
  • To develop, test and improve the service

4. Who will have access to your personal data?

The personal data will be disclosed to:

  • Authorized staff in the data controller’s institutions acting on behalf of the Human Cell Atlas Project.

The data controller will also rely on certain data processors to support the service and some of these processors will also be able to access the data listed above. A few non-exhaustive examples are listed below:

  • Google Analytics, which HCA relies on to analyze service usage (see https://www.google.com/analytics/terms/us.html). To learn more about how to opt out of Google’s use of cookies as part of its Analytics services, you may visit Google’s Ads Settings. You will be able to prevent your browsing data from being used by Google Analytics by installing Google’s opt-out browser add-on from the Google Analytics Opt-out Page.
  • Zendesk, which HCA relies on to manage and respond to help requests. More information about Zendesk can be found at their GDPR compliance statement.

5. Will your personal data be transferred to third countries (i.e. countries not part of EU/EEA) and/or international organizations?

Personal data is transferred to the following organization based in third countries and that provide the service on behalf of the Human Cell Atlas Project:

Chan Zuckerberg Initiative
900 Middlefield Road, Redwood City, CA 94063, United States\

UC Santa Cruz
1156 High Street, Santa Cruz, CA 95064, United States

Broad Institute
415 Main Street, Cambridge, MA 02142, United States

Zendesk
Zendesk Global HQ
1019 Market St, San Francisco, CA 94103, United States

There are no personal data transfers to international organizations. However, EMBL as a joint controller of this service is an international organization. Further details on EMBL’s data protection principles are accessible here.

6. How long do we keep your personal data?

Any personal data not directly obtained from you will be retained even after the service is no longer running. The data controllers will keep the personal data for the minimum amount of time possible to ensure legal compliance and the possibility to undergo internal and external audits.

7. The joint Data Controllers provide these rights regarding your personal data

You have the right to:

  1. Not be subject to decisions based solely on an automated processing of data (i.e. without human intervention) without you having your views taken into consideration.
  2. Request at reasonable intervals and without excessive delay or expense, information about the personal data processed about you. Under your request we will inform you in writing about, for example, the origin of the personal data or the preservation period.
  3. Request information to understand data processing activities when the results of these activities are applied to you.
  4. Object at any time to the processing of your personal data unless we can demonstrate that we have legitimate reasons to process your personal data.
  5. Request free of charge and without excessive delay rectification or erasure of your personal data if we have not been processing it respecting the data protection policies of the respective controllers.

Please note that rights 4 and 5 are only available whenever the processing of your personal data is not necessary to:

  • Comply with a legal obligation.
  • Perform a task carried out in the public interest.
  • Exercise authority as a data controller.
  • Archive for purposes in the public interest, or for historical research purposes, or for statistical purposes.
  • Establish, exercise or defend legal claims.
You can’t perform that action at this time.