Last Revision Date —August 29, 2019
Thank you for using COSMIC²!
The Regents of the University of Michigan (“Michigan”) recognizes and values the privacy of the university community members and its guests, and strives to be the leaders and best in the ways in which we manage your personal information. This value is reflected in Regent’s Bylaw Sec. 14.07. Privacy and Access to Information, which states in part:
“In collecting, utilizing, and releasing information about individuals associated with the university, the university will strive to protect individual privacy, to use information only for the purpose for which it was collected, and to inform individuals of the personal information about them that is being collected, used, or released.”
In principle, Michigan strives to:
- Collect, store, and use the minimum amount of personal information that is necessary for its legitimate business purposes and to comply with legal obligations.
- Take reasonable steps to ensure the personal information we manage is accurate and up-to-date.
- Limit who has access to the personal information in our possession to only those who need it for a legitimate, specific purpose.
- Protect personal information through appropriate physical and technical security measures tailored to the sensitivity of the personal data we hold.
- Communicate with our students, faculty, employees, suppliers, partners, and others about how we use personal information in our day-to-day operations.
- Provide opportunities to control your personal information, as permitted by applicable United States and other laws.
- Integrate privacy in the design of our activities when that involves the use of personal data.
This scope of this notice applies to our practices for gathering and disseminating information related to the Cosmic 2 website, located at www.cosmic-cryoem.org or www.cosmic2.sdsc.edu . It is meant to provide you an overview of our activities that require the processing of personal information and our approach to protecting privacy. Please be advised that specific schools, departments, units, clubs, and other groups may have specific privacy notices for their activities related to their collection and processing of your personal information.
At the University of Michigan, we strive to appropriately manage, secure, and keep private and confidential the personal data entrusted to us.
Categories of Information We Collect and Use
The information we collect from you falls into two categories: personally identifiable information (“Personal Information”) and non-personally identifiable information (i.e., information that cannot be used to identify who you are) (“Non-Personal Information”). Below are the various ways in which we may collect Personal Information and Non-Personal information from you.
- Direct Collection:When you directly provide it to us, such as when you fill out a participation consent form, create an account on our Site, or upload data and information to the Site. Personal Information that we may collect in this manner may include your name, email address, and institution. Non-Personal Information that we may collect in this manner may include cryo-EM movies, micrographs, particle stacks, images, and other related data, information.
- Automated Processes:When you use our Site, we may automatically collect Non-Personal Information, such the date and time of your visit to our Site, the web pages you viewed, and how much time you spend on the Site.
- Publicly Posted. If you post information on public areas of the Site (i.e. message boards), that information is visible to and may be collected, stored and used by anyone. We recommend you be cautious about giving out Personal Information to others or sharing Personal Information in public or online forums. We are not responsible for the actions of any third parties with whom you share Personal Information.
Our goal is to limit the information we collect to the information needed to support our business and the services that we provide to you.
How This Information Is Used
We may from time to time analyze and aggregate Personal Information and Non-Personal Information in certain data analysis, reports, benchmarks, model development and optimization or other interpretations of trends for both internal and external purposes. When analyzing and aggregating this information, we make sure that the information is not identifiable to any particular user. Any Non-Personal Information that we collect is de-identified at the time of collection and will never be combined with Personal Information.
We may occasionally process other Personal Information and Non-Personal Information for other legitimate and specific purposes. When these situations occur, we will endeavor to inform you of such occasional processing activities, since transparency is one of our core principles for using Personal Information for the purposes for which it was collected.
With Whom This Information Will Be Shared
The University of Michigan does not sell or rent your personal information. We may, however, share your personal information in limited circumstances, such as with service providers that support business activities. We require our service providers to keep your personal information secure. We do not allow our service providers to use or share your personal information for any purpose other than providing services on our behalf.
We may also share your personal information when required by law, or when we believe sharing will help to protect the safety, property, or rights of the university, members of the university community, and university guests.
What Choices You Can Make About Your Information
If you wish to access, update, correct or delete any Personal Information in our possession that you have previously submitted, you may update this via your profile page on the site or email us at email@example.com. However, please note that we cannot remove any Non-Personal Information after it is submitted to us.
Marketing Communication. If you do not want us to send you marketing or promotional communications, you can opt-out by clicking the “unsubscribe” link in any such promotional emails, checking the relevant box located on the form on which we collect your data or emailing us at firstname.lastname@example.org. Please also note that we may still send you important administrative messages.
Cookies. Additionally, to enhance your experience, we may place “cookies” on your computer or device. Cookies are files that store your preferences. When you access the Site, the following cookies may be placed on your device, depending on your web browser settings. Our website may use the following types of cookies:
Google Analytics Cookies
Opt-out: Find out more about managing cookies through your browser .
How Information Is Secured
The University of Michigan recognizes the importance of maintaining the security of the information it collects and maintains, and we endeavor to protect information from unauthorized access and damage. The University of Michigan strives to ensure reasonable security measures are in place, including physical, administrative, and technical safeguards to protect your personal information.
Privacy Notice Changes
This privacy notice may be updated from time to time. We will post the date our notice was last updated at the top of this privacy notice.
Who to Contact with Questions or Concerns
If you have any concerns or questions about how your personal data is used, please contact us at email@example.com
We strive to promptly respond to your request, and will do our best to address your concern. However, if you believe we have not been able to deal with your concern appropriately, you have a right to complain to your local data protection authority. You also have the right to submit a complaint in the Member State of your residence or place of work of an alleged infringement of the GDPR.
NOTICE SPECIFIC TO PERSONS WITHIN THE EUROPEAN UNION
If you are located in the EU, then our processing of your personal information may fall under Regulation 2016/679 (the General Data Protection Regulation, or the “GDPR”).
In addition to the privacy information provided above, there is additional information specific to the EU legal framework below. Please also see our GDPR resources webpage for more information.
LEGAL BASIS FOR PROCESSING
Our processing activities of your personal information will rely on different lawful grounds depending on the circumstances. Generally speaking, we typically rely on the following lawful bases in order to process your personal information under the GDPR:
- Necessity to enter or for the performance of a contract;
- Necessity for our legitimate interests or those of third parties;
- Consent (for the research projects you may participate in; for processing of special categories of personal data).
The University of Michigan is committed to facilitating the exercise of the rights granted to you by EU data protection law in a timely manner.
In the context of our processing activities that are subject to the GDPR, you have the following rights regarding your personal information:
- Access, correction and other requests – You have the right to obtain confirmation of whether we process your personal data, as well as the right to obtain information about the personal data we process about you. You also have a right to obtain a copy of this data. Additionally, and under certain circumstances, you may have the right to obtain erasure, correction, restriction and portability of your personal data.
- Right to object– You have the right to object to any processing of your personal data based on your specific situation. We will assess your request and provide a reply in a timely manner, according to our legal obligations.
- Right to withdrawal consent– For all the processing operations that are based on your consent, you have the right to withdraw your consent at any time, and we will stop those processing operations as allowable by law.
Please note that when you make requests based on these rights, if we are not certain of your identity, we may need to ask you for further personal information to be used only for the purposes of replying to your request.
We strive to keep personal data in our records only as long as necessary for the purposes they were collected and processed. Retention periods vary and are established considering our legitimate interests and all applicable legal requirements.
When you interact with the University of Michigan, your personal information is transferred to the United States. The United States is not currently among the countries outside the European Union that have been deemed by the European Commission to have an adequate level of legal protections for personal information. To ensure the lawful transfers of personal information from the EU, the University of Michigan relies on the derogations laid out in Article 49 GDPR. In particular, we rely on your explicit consent for some of the transfers and on necessity for the performance of a contract or the implementation of pre-contractual measures taken at your request (for instance, for the transfer of personal data necessary for your application for admission). However, please be aware that we provide safeguards for the information transferred, as required by the GDPR itself and in accordance with this General Privacy Statement.
If you have any concerns or questions about how your personal data is used, please contact us at firstname.lastname@example.org. We will promptly respond to your request and do our best to address your concern. However, if you believe we have not been able to deal with your concern appropriately, you have a right to complain to your local data protection authority, as granted by Article 77 of the GDPR. You also have the right to submit a complaint in the Member State of your residence, place of work or of an alleged infringement of the GDPR.