Last updated: 2020-04-02
This Privacy Policy relates to Personal Data held and processed by ASAPbio and is provided for users to make an informed decision when consenting to sharing Personal Data with us either directly or implicitly by using the ASAPbio website and/or resources.
“Personal Data” is defined by the European Commission as “any information that relates to an identified or identifiable living individual”, and we use this definition in the ASAPbio Privacy Policy.
Who we are
“ASAPbio” and “We” means ASAPbio as an organisation and its staff members. ASAPbio is a scientist-driven non-profit promoting transparency and innovation in life science communication. All staff members and the Board of Directors are listed at https://asapbio.org/about-us.
The “ASAPbio website” is https://asapbio.org and all pages accessed at this domain.
For any queries relating to personal data and privacy, please contact us at jessica.polka@asapbio.org.
What types of Personal Data does ASAPbio hold and for what purpose(s)?
ASAPbio collects Personal Data contributed directly to us by the individual, which may include:
- Name
- Email address
- Postal address or location
- Job role and institution and research field
- Social media identifier
- Scientific society membership
- Correspondence
- Information about ASAPbio staff, Board of Directors and prospective applicants as required for human resources
as well as process-generated data, such as:
- Website usage data
- Form sign-up date and time
- Email newsletter open reports
- Information about incidents relevant to the ASAPbio Code of Conduct that are reported to ASAPbio and/or gathered by ASAPbio
We process these personal data for the day-to-day management and operation of ASAPbio. These activities include and are not limited to:
- Sharing news and announcements with consenting subscribers
- Managing the community of ASAPbio ambassadors
- Reporting to and communicating with our funders
- Providing services to the wider research community (for example, posting ASAPbio stickers to anyone who requests them)
- Business analysis and development
How does ASAPbio store and process Personal Data?
Please note that ASAPbio is registered in the United States of America (hereafter, USA) and operates from around the world (as staff and via third-party services). We cannot guarantee that the privacy protections afforded to you within your own legal jurisdiction are the same as those offered within the legal jurisdictions we operate within. We will make best efforts to protect your privacy and ensure data is held and processed securely.
ASAPbio stores data in several online locations, namely using Google Drive and WordPress installations at our hosting provider, 1&1 IONOS. Further details about online and cloud services are provided below. On occasion, data may be stored locally on ASAPbio staff laptops and mobile devices. These devices are password-protected and are not left unattended or unlocked in public spaces. Access to mail servers and cloud services from staff computers is via HTTPS.
We retain Personal Data for as long as is reasonably necessary to fulfil the stated purpose(s) and while this purpose and the processing of the data remains lawful, which may be indefinitely for the purpose of making business development decisions for ASAPbio or for ensuring legal compliance with providing access to information by auditors.
Mailchimp
Any user can sign up for the ASAPbio newsletter by providing their email and consent through a double opt-in confirmation process. We operate the newsletter using Mailchimp. We store and access name, email, sign-up date and time. These data are accessible to ASAPbio site admins only, namely the Executive Director and Associate Director. We will retain these data for as long as is reasonably necessary to ensure legal compliance and facilitate business analysis and development. Email newsletter subscribers can unsubscribe from future communications using the unsubscribe link provided in every newsletter; unsubscribing does not erase historic data associated with that user.
Website usage data & cookies
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
Visitor comments may be checked through an automated spam detection service.
Analytics
ASAPbio tracks usage of the ASAPbio website in order to make decisions on how to develop and improve our activities and the ASAPbio website. We use Google Analytics Dashboard for WordPress by ExactMetrics, which provides a report on website usage by tracking and processing Personal Data including IP address (anonymised), date and time of visit, time on site, and source of referral. Google Analytics stats and reports are visible to ASAPbio website admins only, namely the Executive Director and Associate Director. IP addresses are not visible or included in reports. User and event data is retained for 26 months. Website visitors can prevent their data from being used by Google Analytics by installing the Google Analytics Opt-Out Browser Add-on provided by Google.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Embedded content from other websites
Please note we include links on the ASAPbio website and within materials we share with you (including emails and documents) that may direct you to external websites not operated by ASAPbio. Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. We are not responsible for other organisations and individuals who collect, store and process data about your visit to their site.
Other types of Personal Data shared directly with us
For other types of Personal Data, we use G Suite products and the ASAPbio G Suite accounts to collect, process and store these data. The ASAPbio website data is backed up periodically and the backup file is stored in the ASAPbio Google Drive. Emails sent between Google services (which includes internal communication among ASAPbio staff) are encrypted in transit, and we encourage you to use these services when transmitting information to ASAPbio.
We will ask for consent to store, process and share your Personal Data when you are contributing it directly to us, for example when subscribing to the ASAPbio newsletter, signing up to be an ASAPbio ambassador or requesting we send you ASAPbio stickers through the mail. During these processes, it will be clear which data you will be sharing with us, we will provide a link to this Privacy Policy to inform you about our usage of your Personal Data and your rights, and we will ask for your explicit consent for ASAPbio to process your Personal Data according to this Privacy Policy and any stated purpose(s).
Personal Data we process from external products and services
We and the people we interact with also use external products and services, such as Google Groups, Slack, Twitter, YouTube and other social platforms. This policy does not govern any communications or data exchanged on external sites; we recommend you check their own privacy policies or notices. However, we do retain records of Twitter activity relevant to ASAPbio (including and not limited to tweets using the hashtags: #asapbio #PublishPeerReview #bioPeerReview #preprints); overview stats about interactions with the ASAPbio Twitter channel, usage of the ASAPbio YouTube channel and interactions between ASAPbio Ambassadors using Slack; and records of conversations on Google Groups. These records stored by ASAPbio are governed by this Privacy Policy.
Use of Google services to store and process data
ASAPbio uses G Suite for Nonprofits by Google Cloud, which is provided under their Data Processing terms: https://gsuite.google.com/terms/dpa_terms.html. The data we hold in the ASAPbio Google Drive, including Personal Data, is accessible to ASAPbio staff and the President of the Board of Directors. We do not share information with third parties for marketing purposes. We do share personal information with external stakeholders and other organisations when doing so is likely to benefit the ASAPbio mission and the information is not deemed to be private or sensitive. For example:
- We make email introductions between stakeholders and community members, except when we have been asked not to share an email contact;
- We share the names and institutional location of ASAPbio ambassadors online, with consent to do so;
- We share the aggregated results after processing of personal data for the evaluation of ASAPbio operations: this may include website usage or growth of the ambassador community, and results may be shared with close stakeholders (such as the ASAPbio board of directors) or the general public;
- We share data with Google services (including but not limited to Google Drive and Google Analytics) for the purpose of using these services for the day-to-day management and operation of ASAPbio.
Data processed by Google Analytics or stored using Google Drive may be transferred outside the EEA and Switzerland in order for Google to provide services. We do not share Personal Data with Google and Google does not collect this information. For more information, please see information provided by Google about their data protection and privacy policies, including:
- How Google uses information from sites or apps that use Google’s services
- Google’s Data Processing Terms (as required by GDPR)
Your rights
If you are a citizen or resident in a country in the European Union, we must process your Personal Data according to the General Data Protection Regulation, under which you have the right to:
- Request information about the Personal Data we hold about you and how we use it;
- Request access to the Personal Data we hold about you, including in machine-readable format for the transfer to another data controller;
- Ask us to correct any incorrect Personal Data;
- Ask us to erase any Personal Data when it is no longer needed or if processing it is unlawful;
- Tell us you object to the processing of your Personal Data for the purpose of direct marketing, scientific/historical research and statistics and/or the legitimate interest of ASAPbio or for activities in the public interest or for an official authority, and ask us to restrict or stop processing your data for these reasons (we may continue to process your data for specific reasons despite your objections; for further details, see here);
- Request that decisions we make about you are not only based on automated data processing;
- Be informed promptly about any breach that has or may have revealed your Personal Data to a third party without permission.
Further details about these rights are provided by the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights.
To exercise any of these rights, please contact us on jessica.polka@asapbio.org. We must respond to your requests within one month, and we may need to ask you to prove your identity. We will consider requests regarding the above rights from anyone ASAPbio interacts with, regardless of citizenship or residency.
Please note we may not intend to or be able to comply with a request where it is impracticable and/or we need to retain and/or continue to process data in order to ensure compliance with regulations in the United States of America and the state of California, where ASAPbio is registered. For example, we are not able to manually delete an individual’s website usage data: we receive these data in aggregate and anonymised form; the user can delete cookies and prevent further tracking using their browser’s settings and add-ons. As a non-profit registered in California, USA, we are required to retain volunteer records and employment applications for 3 years, general correspondence for 4 years and other Personal Data for longer.
Acknowledgements
While drafting the ASAPbio Privacy Policy, we referred to and adapted policies and notices by eLife, EMBL-EBI, iBiology, the MIT Knowledge Futures Group and the Privacy Policy auto-generated for the WordPress site.
We also referred to the following resources:
- Individual rights under GDPR: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights/what-are-my-rights_en#reference
- Document retention for non-profits registered in California, USA: https://blueavocado.org/editors-picks/model-document-retention-policy-for-nonprofits/
Changelog
ASAPbio may change this Privacy Policy as and when needed, and we will detail changes in the changelog below.
2020-04-02: Change “Email subscribers” to Mailchimp to reflect new newsletter management system.
2020-02-20: First published.