Privacy Policy - AnVIL Data Explorer
Transparency Regarding the Use of Your Personal Data
As part of our commitment to protecting your privacy, this statement is designed to provide you with information regarding how the AnVIL Data Explorer, part of UCSC Genomics Institute, collects and processes the information you share when you use our website located at https://anvilproject.org/, and each of its associated domains (together, the "Sites"), utilize the services of ours which include API, GUI and CLI, or when you otherwise communicate with AnVIL Data Explorer (“AnVIL Data Explorer Services”). This statement applies to individuals using AnVIL Data Explorer Services who are located in the European Economic Area (“EEA”).
Your Personal Data We Use
Information you provide: AnVIL Data Explorer collects personal information about you called Personal Data. We collect the following data from users of the service, some of which may be personal data:
- IP address
- Client operating system
- Browser version
- Date and time of a visit to the service website
- Statistics on web pages visited
- Referrer header
If support (without logging in) is requested by users of the service we also collect:
- Name
- Email address
- Organization
- Organizational affiliation
- Date and time when a support request is sent
If users login to the service we also collect:
- Name
- Email address
- Organization
- Organizational affiliation
- Website avatar
- Authorization refresh and access tokens
Log, Cookie and Device Data: We also collect log data, which is information collected whenever you visit a website. This log data includes your Internet Protocol address, device type, operating system, browser type and some settings, unique device identifiers, crash data, the date and time of your request, and information about how you used the Service.
Depending on how you are accessing the Services, we may also use “cookies” (small text files stored by your computer when you visit our website) or similar technologies. We use Google Analytics. Google Analytics uses cookies to help track the users visit to the site. In addition to log and cookie data, we also collect information about the device you’re using to access the Services, including what type of device it is, what operating system you are using, device settings, unique device identifiers and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings. For example, different types of information are available depending on whether you are using a Mac or a PC, or an iPhone or Android phone. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.
Information from Other Sources: We do not obtain information about you from other sources and we do not combine that information with information we collect from you directly.
We do not obtain more sensitive information about you, with your explicit consent, where the processing is necessary to meet a legal or regulatory obligation.
How We Use Your Personal Data and the Lawful Basis for Such Processing
AnVIL Data Explorer processes your Personal Data for the following purposes and bases:
- To provide you with access to the service
- To develop, test and improve the service
- To communicate with you regarding support requests
- Processing and dealing with any complaints or inquiries made by you or legally on your behalf.
- May also be required to disclose your Personal Data to authorities who can request this information by law.
In certain instances, the AnVIL Data Explorer may be required to obtain your consent to collect and process your Personal Data for a specific purpose. This depends on the specific category of data collected and the intended use of the data. In these instances, the AnVIL Data Explore Service will inform you of the specific category of Personal Data that will be collected and the intended purpose of the collection, and will request that you affirmatively indicate that you consent to the intended collection of your Personal Data for that purpose, prior to collecting the data.
In these instances, if you do not consent to the collection and intended processing purpose, AnVIL Data Explore will refrain from collecting and processing your Personal Data.
Recipients of Your Personal Data
AnVIL Data Explorer may share your Personal Data with the following recipients:
- Service Providers: Vendors that need access to your Personal Data in order to provide AnVIL Data Explorer Services. AWS CloudWatch may collect Personal data for the purposes of logging and monitoring.
- Partners and Collaborators: When permitted by law, may share Personal Data with the Broad Institute to support the operation of the AnVIL Data Explorer .
- Public and Governmental Authorities: Entities that regulate or have jurisdiction over AnVIL Data Explorer team such as regulatory authorities, law enforcement, public bodies, and judicial bodies.
If your Personal Data is shared with a third party, AnVIL Data Explore team will require that the third party use appropriate measures to protect the confidentiality and security of your Personal Data.
Security
AnVIL Data Explore takes appropriate physical, administrative, and technical measures to protect Personal Data that are consistent with applicable privacy and data security laws and regulations. The AnVIL Data Explorer aligns with NIST SP 800 53 rev 4 and is mandated to have an annual security control assessment, penetration testing and plan of action and milestone (POA&M).
Retaining and Deleting Your Personal Data
AnVIL Data Explore team will only retain your Personal Data for the duration necessary for the data collection purposes identified above, unless there is a legal requirement to maintain it for a longer period. Logs are Retained at minimum for a year to support on demand audit review, reporting requirement and after the fact security investigation.
Automated Decisions, Profiling and Behavioral Advertising
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved or that have a similarly significant impact.
AnVIL Data Explorer does not make use of automated decisions or utilizes profiling for any purpose.
In certain instances, we may be required to obtain your consent to make automated decisions or profile. In these instances, we will inform you of the automated decision-making or profiling, and will request that you affirmatively indicate that you consent to the intended use of your Personal Data for that purpose, prior to the automated decision-making or profiling. Where automated decisions are made or profiling is used, affected persons will be given an opportunity to express their views on the automated decision in question and instructions on how such persons can object to, or opt-out of such processing.
We do not allow others to serve advertisements on our behalf across the Internet and to provide analytics services.
Your Rights
As required by the General Data Protection Regulation and applicable EU Member State and EEA state law, if you are located in the European Economic Area, you have a right to:
- Access your Personal Data, as well as information relating to the recipients of your Personal Data, the purposes of processing your Personal Data, the duration for which the Personal Data will be stored, and the source of Personal Data that has not been provided by you;
- Rectify or correct inaccurate or incomplete Personal Data concerning you, taking into account the purposes of the processing, and the right to have incomplete Personal Data completed;
- Move your Personal Data to another controller or processor. AnVIL Data Explorer team will facilitate the lawful transfer of your data to the extent possible;
- Have your Personal Data erased in certain circumstances;
- Restrict the processing of your Personal Data in certain circumstances;
- Object to the processing of Personal Data in certain circumstances;
- Withdraw your consent to the processing of your Personal Data, should AnVIL Data Explore ask for your consent for the processing of your Personal Data. The withdrawal does not affect the lawfulness of processing based on your consent before its withdrawal.
- Know whether your Personal Data is being used for automated decision-making, including profiling. In those cases, we will give you meaningful information about the logic involved, the significance and the envisaged consequences of such processing for your data, and the right to request human intervention; and
- Lodge a complaint with a supervisory authority.
AnVIL Data Explorer may be obligated to retain your Personal Data as required by U.S. federal or state law.
If you wish to exercise your rights, you can contact the Privacy Official identified below.
You may choose not to visit or use the sites or participate in AnVIL Data Explorer Services. If you choose not to share your Personal Data with us or approved third parties for AnVIL Data Explorer Services your site usage will not be tracked and you will not be able to login to view controlled-access data. You will still be able to view and access open-access data. You may choose to set your web browser to refuse cookies or to alert you when cookies are being sent. If cookies are turned off the portal and browser will continue to function however Google Analytics tracking will not function.
Questions and Complaints; UC Privacy Official
If you have questions or complaints about our treatment of your Personal Data, or about our privacy practices more generally, please feel free to contact the UCSC Privacy Official: privacy@ucsc.edu.
Effective Date: This statement is effective as of 01/12/2024.