The SPARC DRC describes how and why we collect and process personal data.
1. Controller / Data Protection Officer / Representative
SPARC Data and Resource Center
University of Pennsylvania
Philadelphia, PA 19104
You can notify us of any data protection related concerns using the following contact details: [email protected]
2. Collection and Processing of Personal Data
We primarily process personal data that we obtain from visitors and/or users of the SPARC Portal, SPARC Data and Resource Center websites (e.g., o²S²PARC), apps, and other applications (hereinafter also SPARC Portal Services, Portal Services, or Services).
We collect personal data when you visit or use the SPARC Portal, send us an email, respond to a survey, provide online feedback, register for the SPARC Portal and associated Services, subscribe to one of our online publications or email newsletters, or otherwise communicate with us. The SPARC Portal may collect personal data in connection with your use of the Portal Services:
• Contact information, such as your name, mailing address, and telephone number;
• Computer and device information, such as IP address and MAC address of your smartphone or computers, your device and settings, operating system, cookies, and localization data;
• Use information, such as date and time of your visit, sites and content retrieved, applications used, and referring website; survey information, such as satisfaction with content provided, product usage and satisfaction, and responses to solicited questions that you voluntarily contribute; and
• User-generated content, such as content you post for publication and/or use on our websites, or content you post on social media platforms
3. Purpose of Data Processing and Legal Grounds
We primarily collect personal data for internal and Portal Services-related purposes. Unless you explicitly provide us with personal data, for instance in a forum or on a contact form, we do not collect or process any of your personal data.
In addition, in line with applicable law and where appropriate, we may process your personal data for the following purposes, which are in our (or, as the case may be, any third party's) legitimate interest, such as:
• Improving, enhancing, and further developing the Services;
• Reviewing and optimizing procedures regarding usability and user friendliness of the Services;
• Opinion research, media surveillance;
• Ensuring our operation, including our IT, our websites, apps, and other appliances;
• Understanding how our Services are being used and usage patterns;
• Responding to your requests or inquiries;
• Enforcing our Terms of Service; and
• Sending you messages and push notifications when you sign up for our messaging services (e.g., SPARC listservs).
If you have given us your consent to process your personal data for certain purposes (for example when registering to get in touch with us or signing up to receive newsletters or surveys), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.
By using our Services, consenting to the receipt of newsletters, or voluntarily participating in surveys you agree to our use of such techniques. If you object, you must configure your browser or e-mail program accordingly.
4. Cookies / Tracking and Other Techniques Regarding the Use of the SPARC Portal Services
We may use Google Analytics or similar services on the SPARC Portal and other Services. These are services provided by third parties, which may be located in any country worldwide (in the case of Google Analytics Google LLC is in the U.S., www.google.com) and which allow us to measure and evaluate the use of the SPARC Portal (on an anonymized basis). For this purpose, permanent cookies are used, which are set by the service provider. The service provider does not receive (and does not retain) any personal data from us, but the service provider may track your use of the Portal Services, combine this information with data from other websites you have visited and which are also tracked by the respective service provider and may use this information for its own purposes (e.g., controlling of advertisements). If you have registered with the service provider, the service provider will also know your identity. In this case, the processing of your personal data by the service provider will be conducted in accordance with its data protection regulations. The service provider only provides us with data on the use of the Portal Services (but not any personal information about the user).
5. Data Transfer and Transfer of Data Abroad
In line with the purposes of the data processing set out in Section 3, we may transfer personal data to third parties, insofar as such a transfer is permitted and we deem it necessary, in order for such third parties to process data for us or, as the case may be, their own purposes. In particular, the following categories of recipients may include, but are not limited to:
• Other SPARC websites such as commonfund.nih.gov/sparc
• Our service providers, including processors (such as IT providers);
• Authorities or courts;
• The media;
• The public, including users of the SPARC Portal, Portal Services and social media;
• Other parties in possible or pending legal proceedings;
• Employees of the National Institutes of Health
The above recipients may be located in any country worldwide. In particular, you must anticipate your personal data being transmitted to any country in which the SPARC Portal is represented by affiliates, branches or other offices. For more information about SPARC, visit this link to the About page.
If the SPARC Portal is involved in a transition of service to another provider, your information may be disclosed in connection with the negotiation of such transaction, and/or transferred as part of such a transaction as permitted by law and/or contract. We cannot control how the recipient entities may use or disclose such information.
6. Retention Periods for your Personal Data
We process and retain your personal data for as long as necessary to fulfil the purposes for which we collected it and comply with legal obligations. As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized, to the extent possible. In general, shorter retention periods of no more than twelve months apply for operational data (e.g., system logs).
7. Data Security
We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse such as IT and network security solutions, access controls and restrictions, and encryption of data carriers and transmissions.
8. Your Rights
In accordance with and as far as provided by applicable law, you have the right to access, rectification, and erasure of your personal data, the right to restriction of processing or to object to our data processing in addition to the right to receive certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain data.
In addition, every user of the Portal Services has the right to enforce his/her rights in court or to lodge a complaint with his/her country’s competent data protection authority.
Updated 6 months ago