BioPhilly is committed to protecting your privacy, and that includes protecting the privacy of any data you share with us. This policy sets out what data we collect, what we do with your data, when and how we store your data, and what you can do if you have questions or wish to exercise rights you have with respect to your data.
Our website address is: http://www.biophilly.org
What personal data we collect and why we collect it
We may collect the following data from you:
- Records of your visits to the site, through cookies and otherwise (which records may include: traffic data; location information; logs; information about your computer or mobile device such as if applicable your IP address, operating system, mobile carrier, or device identifying information)
- Records of correspondence between us and you (for example, records of your and our communication for purposes of support services)
- Comments, posts, or other data you upload to our site (for example, in the comments section of our blog posts)
- Information you provide by completing forms on our website or in our products and services (for example, purchase information and information you provide when subscribing to newsletters or contacting us)
Sometimes the reason for collection will be obvious (such as when you give us your email address to allow us to contact you). When it is not, we will describe to you at the time of collection the purpose for collecting the data and if possible ask for your consent. To the extent possible, we anonymize or pseudonymize data we collect from you.
For Your Security
We do not ask you to supply any credit card data or social security number via our website, and any personal health information you do supply is voluntary. You do not need to give details.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Through the use of forms on this website and interaction with our services, we may collect data from you. Sometimes the data we collect relates to you or identifies you. In this policy, data that relates to or identifies a natural person is defined as “personal data.” “Data” always includes personal data. Our goal is always to maintain the highest levels of privacy and security with your personal data, in keeping with the principles of the Federal Trade Commission Act and related regulations, the General Data Protection Regulation, and applicable local privacy laws. We will always try to give you appropriate notice of what data we collect and how we will use it, and we will only process your data when we consider it fair and lawful to do so.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
We protect your sensitive information offline. No-one is given access to it except employees who need it to contact you or set up your file.
Who we share your data with
We use the data we collect from you to provide information or services you have requested or purchased, and to allow you to interact with us and the website.
This may include sending you emails from time to time; these emails always contain either information you have requested or that you have consented to receive, or information we have a legitimate interest in delivering (such as notices of service changes). You can always unsubscribe from any email list by clicking the indicated link in the email.
When applicable we analyze this information to improve our website, improve the services we provide, and to protect us and you from malicious web activity. We may share this information with third parties. Those third parties and their respective privacy policies are as follows:
- Google Analytics (https://policies.google.com/privacy)
- Facebook Pixel (https://www.facebook.com/privacy/explanation)
How long we retain your data
In general, we keep your data only as long as necessary to provide the service you requested. If you are a customer who has an account with us, we will keep the data connected to your account until you ask us to destroy it. This is in order to help us remember information about previous interactions with you (for example, records of support service) or in order to comply with our legal and contractual obligations. Ordinarily, if your account is inactive, your data will only be stored so that the account can be reactivated in the future, and your data will not be processed for any other purpose. You can ask us to destroy your data at any time by following the procedures outlined in this policy, but if we do not have certain information about you, it may be impossible for us to provide any products or services to you.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
You have a right to know if we have any of your personal data and to have access to that data, and you have the right to have any incorrect personal data corrected. If you have given us consent to have or use your data, you have the right to withdraw that consent at any time. You also have the right to have your personal data erased or to transport your data. Ordinarily we do not use automated decision-making with respect to any personal data, but if we do, you have the right to object.
You have the right to lodge a complaint with a supervisory authority. Which authority is appropriate varies depending on your jurisdiction. If you wish to lodge a complaint, we can assist you in determining where the complaint should be lodged.
You may contact us at any time at firstname.lastname@example.org to exercise any of these rights. Understand that sometimes we have to have your data in order to interact with you, and so exercising some or all of these rights might impact your ability to use our website or our products and services.
Where we send your data
Visitor comments may be checked through an automated spam detection service. Comments and other content submitted to Akismet anti-spam service are not saved on our servers unless they were marked as false positives, in which case we store them long enough to use them to improve the service to avoid future false positives.
How do we ensure your data is secure?
We take a number of steps to ensure that data we collect is protected from unauthorized access, alteration, disclosure, or destruction, including the following:
- Many of our services are encrypted using SSL.
- We regularly review our data collection, storage, and processing practices, including physical and electronic security measures.
- We restrict access to your personal data to only those employees, agents, and business partners who need access to it in order to deliver requested products and services.
- All of our employees, agents, and business partners are subject to strict confidentiality and nondisclosure obligations, the violation of which may result in termination and/or liability.
All of our employees and agents receive regular appropriate training, including training in information privacy suitable to their respective fields and disciplines.If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Where is your data stored?
We are a business located in the United States. When we store your data, it is stored in the United States. However, data we collect may be routed or transferred internationally by us or by our business partners during the course of providing products and services to you and others.
Third parties we receive data from
Sometimes we may obtain your personal data from a third party, either through the use of our website or through some of our products or services. Due to the nature of our services, it is possible that we may even obtain your data unsolicited from a third party. We may also obtain your personal data from our business partners through contractual relationships or through software they develop. We apply the same standards of security and privacy to all personal data in our possession, and you have rights with respect to your data regardless of its source. When and to the extent possible, we will notify you of the source if we obtain your data from a third party without your consent within at least thirty (30) days.
Additionally, our website may contain links to our business partners or other third parties. Please understand that those websites have their own policies, and we do not accept any responsibility or liability for your use of those websites or any products or services available there.
Industry regulatory disclosure requirements
In general, we do not intentionally collect sensitive personal data. Sensitive personal data is data of the kind regulated by Article 9 or Article 10 of the GDPR, such as personal identity numbers; financial account information; information concerning racial or ethnic origin; political opinions; religious, philosophical, or other beliefs; membership in trade unions or professional or trade associations; physical or mental health information; biometric data; genetic data; data concerning sexual activity or orientation; or data concerning criminal records or suspected criminal activity. However, if you provide us with sensitive personal data, whether through the website or through any of our products or services, you explicitly consent to our use and processing of that data.
Additionally, we do not intentionally collect personal data from anyone under the age of eighteen (18), and to the extent reasonably possible we take steps to verify that you are a legal adult when we collect data from you. By using our website, products, or services, and by submitting any data to us, you warrant that you are eighteen (18) years of age or older.