Last updated: 17 April 2019 (see below for full changelog)
Who we are
“ASAPbio” and “We” means ASAPbio as an organisation and its staff members. ASAPbio is a scientist-driven non-profit promoting transparency and innovation in life science communication. All staff members and the Board of Directors are listed at https://asapbio.org/about-us.
The “ASAPbio website” is https://asapbio.org and all pages accessed at this domain.
For any queries relating to personal data and privacy, please contact us at firstname.lastname@example.org.
What types of Personal Data does ASAPbio hold and for what purpose(s)?
ASAPbio collects Personal Data contributed directly to us by the individual, which may include:
- Email address
- Postal address or location
- Job role and institution and research field
- Social media identifier
- Scientific society membership
- Information about ASAPbio staff, Board of Directors and prospective applicants as required for human resources
as well as process-generated data, such as:
- Website usage data
- Sign-up date and time
- Email newsletter open reports
We process these personal data for the day-to-day management and operation of ASAPbio. These activities include and are not limited to:
- Sharing news and announcements with consenting subscribers
- Managing the self-nominated community of ASAPbio ambassadors
- Reporting to and communicating with our funders
- Providing services to the wider research community (for example, posting ASAPbio stickers to anyone who requests them)
- Business analysis and development
How does ASAPbio store and process Personal Data?
Please note that ASAPbio is registered in the United States of America (hereafter, USA) and operates from around the world (as staff and via third-party services). We cannot guarantee that the privacy protections afforded to you within your own legal jurisdiction are the same as those offered within the legal jurisdictions we operate within. We will make best efforts to protect your privacy and ensure data is held and processed securely.
ASAPbio stores data in several online locations, namely using Google Drive and WordPress installations at our hosting provider, 1&1 IONOS. Further details about online and cloud services are provided below. On occasion, data may be stored locally on ASAPbio staff laptops and mobile devices. These hardware are password-protected and are not left unattended or unlocked in public spaces. Access to mail servers and cloud services from staff computers is via HTTPS.
We retain Personal Data for as long as is reasonably necessary to fulfil the stated purpose(s) and while this purpose and the processing of the data remains lawful, which may be indefinitely for the purpose of making business development decisions for ASAPbio or for ensuring legal compliance with providing access to information by auditors.
Any user can sign up for the ASAPbio newsletter by providing their email and consent through a double opt-in confirmation process. We operate the newsletter using the Email Subscribers plug-in for WordPress provided by Icegram. We store and access name, email, sign-up date and time and newsletter viewing stats via this plug-in. These data are accessible to ASAPbio site admins only, namely the Executive Director and Associate Director. We will retain these data for as long as is reasonably necessary to ensure legal compliance and facilitate business analysis and development. Email newsletter subscribers can unsubscribe from future communications using the unsubscribe link provided in every newsletter; unsubscribing does not erase historic data associated with that user.
Website usage data & cookies
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
Visitor comments may be checked through an automated spam detection service.
ASAPbio tracks usage of the ASAPbio website in order to make decisions on how to develop and improve our activities and the ASAPbio website. We use Google Analytics Dashboard for WordPress by ExactMetrics, which provides a report on website usage by tracking and processing Personal Data including IP address (anonymised), date and time of visit, time on site, and source of referral. Google Analytics stats and reports are visible to ASAPbio website admins only, namely the Executive Director and Associate Director. IP addresses are not visible or included in reports. User and event data is retained for 26 months. Website visitors can prevent their data from being used by Google Analytics by installing the Google Analytics Opt-Out Browser Add-on provided by Google.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Embedded content from other websites
Please note we include links on the ASAPbio website and within materials we share with you (including emails and documents) that may direct you to external websites not operated by ASAPbio. Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Other types of Personal Data shared directly with us
For other types of Personal Data, we use G Suite products and the ASAPbio G Suite accounts to collect, process and store these data. The ASAPbio website data is backed up periodically and the backup file is stored in the ASAPbio Google Drive. Emails sent between Google services (which includes internal communication among ASAPbio staff) are encrypted in transit, and we encourage you to use these services when transmitting information to ASAPbio.
Personal Data we process from external products and services
Use of Google services to store and process data
ASAPbio uses G Suite for Nonprofits by Google Cloud, which is provided under their Data Processing terms: https://gsuite.google.com/terms/dpa_terms.html. The data we hold in the ASAPbio Google Drive, including Personal Data, is accessible to ASAPbio staff and the President of the Board of Directors. We do not share information with third parties for marketing purposes. We do share personal information with external stakeholders and other organisations when doing so is likely to benefit the ASAPbio mission and the information is not deemed to be private or sensitive. For example:
- We make email introductions between stakeholders and community members, except when we have been asked not to share an email contact;
- We share the names and institutional location of ASAPbio ambassadors online after with consent to do so;
- We share the aggregated results after processing of personal data for the evaluation of ASAPbio operations: this may include website usage and growth of the ambassador community, and results may be shared with close stakeholders (such as the ASAPbio board of directors) or the general public;
- We share data with Google services (including but not limited to Google Drive and Google Analytics) for the purpose of using these services for the day-to-day management and operation of ASAPbio.
Data processed by Google Analytics or stored using Google Drive may be transferred outside the EEA and Switzerland in order for Google to provide services. We do not share Personal Data with Google and Google does not collect this information. For more information, please see information provided by Google about their data protection and privacy policies, including:
- How Google uses information from sites or apps that use Google’s services
- Google’s Data Processing Terms (as required by GDPR)
If you are a citizen or resident in a country in the European Union, we must process your Personal Data according to the General Data Protection Regulation, under which you have the right to:
- Request information about the Personal Data we hold about you and how we use it;
- Request access to the Personal Data we hold about you, including in machine-readable format for the transfer to another data controller;
- Ask us to correct any incorrect Personal Data;
- Ask us to erase any Personal Data when it is no longer needed or if processing it is unlawful;
- Tell us you object to the processing of your Personal Data for the purpose of direct marketing, scientific/historical research and statistics and/or the legitimate interest of ASAPbio or for activities in the public interest or for an official authority, and ask us to restrict or stop processing your data for these reasons (we may continue to process your data for specific reasons despite your objections; for further details, see here);
- Request that decisions we make about you are not only based on automated data processing;
- Be informed promptly about any breach that has or may have revealed your Personal Data to a third party without permission.
Further details about these rights are provided by the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights.
To exercise any of these rights, please contact us on email@example.com. We must respond to your requests within one month, and we may need to ask you to prove your identity. We will consider requests regarding the above rights from anyone ASAPbio interacts with, regardless of citizenship or residency.
Please note we may not intend to or be able to comply with a request where it is impracticable and/or we need to retain and/or continue to process data in order to ensure compliance with regulations in the United States of America and the state of California, where ASAPbio is registered. For example, we are not able to manually delete an individual’s website usage data: we receive these data in aggregate and anonymised form; the user can delete cookies and prevent further tracking using their browser’s settings and add-ons. As a non-profit registered in California, USA, we are required to retain volunteer records and employment applications for 3 years, general correspondence for 4 years and other Personal Data for longer.
We also referred to the following resources:
- Individual rights under GDPR: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights/what-are-my-rights_en#reference
- Document retention for non-profits registered in California, USA: https://blueavocado.org/editors-picks/model-document-retention-policy-for-nonprofits/
|17 April 2019