SPARC DRC Privacy Policy

The SPARC DRC describes how and why we collect and process personal data.

SPARC Data and Resource Center - Privacy Policy

With this privacy policy, we, the SPARC Portal (hereinafter also Portal, we, or us), describe how and why we collect and further process personal data. This privacy policy is not necessarily a comprehensive description of our data processing. It is possible that other privacy policies are applicable to specific circumstances.

The term "personal data" in this privacy policy means any information relating to an identified or identifiable natural person ("data subject") -- an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The term “process” in this privacy policy means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction.

You must not provide us with personal data of other persons (such as family members or work colleagues), regardless of whether you are allowed to do so and such personal data is correct, because there is no way for you to attest that the respective persons are aware of this Privacy Policy prior to providing us with these data.

1. Controller / Data Protection Officer / Representative
The "controller" of data processing as described in this Privacy Policy (i.e., the responsible person) is
SPARC Data and Resource Center
University of Pennsylvania
Philadelphia, PA 19104

You can notify us of any data protection related concerns using the following contact details: [email protected]

2. Collection and Processing of Personal Data
We primarily process personal data that we obtain from visitors and/or users of the SPARC Portal, SPARC Data and Resource Center websites (e.g., o²S²PARC), apps, and other applications (hereinafter also SPARC Portal Services, Portal Services, or Services).

We collect personal data when you visit or use the SPARC Portal, send us an email, respond to a survey, provide online feedback, register for the SPARC Portal and associated Services, subscribe to one of our online publications or email newsletters, or otherwise communicate with us. The SPARC Portal may collect personal data in connection with your use of the Portal Services:
• Contact information, such as your name, mailing address, and telephone number;
• Computer and device information, such as IP address and MAC address of your smartphone or computers, your device and settings, operating system, cookies, and localization data;
• Use information, such as date and time of your visit, sites and content retrieved, applications used, and referring website; survey information, such as satisfaction with content provided, product usage and satisfaction, and responses to solicited questions that you voluntarily contribute; and
• User-generated content, such as content you post for publication and/or use on our websites, or content you post on social media platforms

3. Purpose of Data Processing and Legal Grounds
We primarily collect personal data for internal and Portal Services-related purposes. Unless you explicitly provide us with personal data, for instance in a forum or on a contact form, we do not collect or process any of your personal data.

In addition, in line with applicable law and where appropriate, we may process your personal data for the following purposes, which are in our (or, as the case may be, any third party's) legitimate interest, such as:
• Improving, enhancing, and further developing the Services;
• Reviewing and optimizing procedures regarding usability and user friendliness of the Services;
• Opinion research, media surveillance;
• Ensuring our operation, including our IT, our websites, apps, and other appliances;
• Understanding how our Services are being used and usage patterns;
• Responding to your requests or inquiries;
• Enforcing our Terms of Service; and
• Sending you messages and push notifications when you sign up for our messaging services (e.g., SPARC listservs).

If you have given us your consent to process your personal data for certain purposes (for example when registering to get in touch with us or signing up to receive newsletters or surveys), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.

By using our Services, consenting to the receipt of newsletters, or voluntarily participating in surveys you agree to our use of such techniques. If you object, you must configure your browser or e-mail program accordingly.

4. Cookies / Tracking and Other Techniques Regarding the Use of the SPARC Portal Services
We typically use "cookies" and similar techniques on the SPARC Portal and other Services, which allow for identification of your browser or device. A cookie is a small text file that is sent to your computer and automatically saved by the web browser on your computer or mobile device when you visit the SPARC Portal and other Services. If you revisit the SPARC Portal or other Services, we may recognize you, even if we do not know your identity. Besides cookies that are only used during a session and deleted after you visit the SPARC Portal or other Services ("session cookies"), we may use cookies in order to save user configurations and other information for a time period of thirty days ("persistent cookies"). Notwithstanding the foregoing, you may configure your browser settings in a way that it rejects cookies, only saves them for one session or deletes them prematurely. Most browsers are preset to accept cookies. We use permanent cookies for the purpose of saving user configuration (e.g., language). If you block cookies, it is possible that certain functions (such as, e.g., language settings) are no longer available to you.

We may use Google Analytics or similar services on the SPARC Portal and other Services. These are services provided by third parties, which may be located in any country worldwide (in the case of Google Analytics Google LLC is in the U.S., www.google.com) and which allow us to measure and evaluate the use of the SPARC Portal (on an anonymized basis). For this purpose, permanent cookies are used, which are set by the service provider. The service provider does not receive (and does not retain) any personal data from us, but the service provider may track your use of the Portal Services, combine this information with data from other websites you have visited and which are also tracked by the respective service provider and may use this information for its own purposes (e.g., controlling of advertisements). If you have registered with the service provider, the service provider will also know your identity. In this case, the processing of your personal data by the service provider will be conducted in accordance with its data protection regulations. The service provider only provides us with data on the use of the Portal Services (but not any personal information about the user).

5. Data Transfer and Transfer of Data Abroad
In line with the purposes of the data processing set out in Section 3, we may transfer personal data to third parties, insofar as such a transfer is permitted and we deem it necessary, in order for such third parties to process data for us or, as the case may be, their own purposes. In particular, the following categories of recipients may include, but are not limited to:
• Other SPARC websites such as commonfund.nih.gov/sparc
• Our service providers, including processors (such as IT providers);
• Authorities or courts;
• The media;
• The public, including users of the SPARC Portal, Portal Services and social media;
• Other parties in possible or pending legal proceedings;
• Employees of the National Institutes of Health

The above recipients may be located in any country worldwide. In particular, you must anticipate your personal data being transmitted to any country in which the SPARC Portal is represented by affiliates, branches or other offices. For more information about SPARC, visit this link to the About page.

If the SPARC Portal is involved in a transition of service to another provider, your information may be disclosed in connection with the negotiation of such transaction, and/or transferred as part of such a transaction as permitted by law and/or contract. We cannot control how the recipient entities may use or disclose such information.

6. Retention Periods for your Personal Data
We process and retain your personal data for as long as necessary to fulfil the purposes for which we collected it and comply with legal obligations. As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized, to the extent possible. In general, shorter retention periods of no more than twelve months apply for operational data (e.g., system logs).

7. Data Security
We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse such as IT and network security solutions, access controls and restrictions, and encryption of data carriers and transmissions.

8. Your Rights
In accordance with and as far as provided by applicable law, you have the right to access, rectification, and erasure of your personal data, the right to restriction of processing or to object to our data processing in addition to the right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data.

In addition, every user of the Portal Services has the right to enforce his/her rights in court or to lodge a complaint with his/her country’s competent data protection authority.

9. Amendments of this Privacy Policy
We may amend this Privacy Policy at any time without prior notice. The current version published on the SPARC Portal and other Services shall apply. If the Privacy Policy is part of an agreement with you, we will notify you by e-mail or other appropriate means in case of an amendment.