1.08 LabArchives Privacy
LAST UPDATED: Sept 17, 2020
At LabArchives, the security of all data is paramount. Whether it be any personal information you provide or the data you choose to store within LabArchives applications, we know that you care how it is handled. We go to great lengths to ensure that all data is secure and appreciate your trust in us to do that carefully and sensibly.
WHAT TYPES OF INFORMATION DOES LABARCHIVES COLLECT?
When you interact with LabArchives services, you may provide us with many types of information including:
Personally identifiable information and other information that you knowingly choose to disclose, which is collected on an individual basis
Information that may or may not include personally identifiable information that you choose to store within LabArchives services
General usage and statistical information which is collected on an aggregate basis as you use LabArchives services
In some cases, if you choose not to provide us with required information for the services you want to use, you may not be able to access utilize those services. Further details are provided below.
HOW AND WHY DOES LABARCHIVES COLLECT INFORMATION?
Use of LabArchives Applications
The security of data stored in the LabArchives application is a shared responsibility between LabArchives LLC (the processor of such data) and the application’s users (the controller of such data).
Further, LabArchives staff does not read, classify or share any data from any of our products. LabArchives staff, by default, has no administrative privileges to grant or remove any access rights to/from any user’s account through the LabArchives applications.
To create an account to access LabArchives and store data within the products, LabArchives does need to collect and securely retain some personally identifiable and other information to complete that process. This may include, but is not limited to, an email addresses, name, organizational affiliations, etc. Settings in the LabArchives applications allow each user to change any of the personally identifiable information related to their account that is stored in the application at any time, unless restricted by institution settings in the case of access is via an institutional enterprise license. LabArchives does send emails that are transactional in nature related to a user account based on the user’s actions such as account activation, password reset, share/comment notifications, etc.
See below for information on how specific LabArchives products collect information.
Additionally, if applicable, LabArchives users that are site administrators for an organization have further control over their organization’s user accounts, data, access to user activities/details and the ability to control what application options are available to their users.
Requests for Product Information or Support
If you request product information or support from LabArchives, we do need to collect some personally identifiable and other information to complete the request you are making. This may include, but is not limited to, an email addresses, name, contact numbers, organizational affiliations, etc.
We do securely retain this information in applicable systems provided to us by 3rd parties such as email and communication systems, contact management systems, technical support systems and other systems.
Cookies are used by LabArchives application and other LabArchives web services that provide product, support and other information. Cookies are small pieces of data that are stored by a user’s web browser on the user’s hard drive. Cookies are a feature of web browser software that allows web servers to recognize the computer used to access a website.
The LabArchives applications use “session-based” cookies which are allotted to your computer for the duration of your LabArchives session. These session cookies are deleted when you close down your browser. LabArchives applications may also use non-session cookies for functionality such as storing last search criteria and personalized displays, and such non-session cookies may be maintained for up to 30 days.
You can, of course, disable cookies on the device you are using to access our services by changing settings on your browser. However, if you choose to do this, you may be restricted from using some LabArchives services and you may receive errors/warnings about your cookie settings.
Network and Systems Logs
When anyone accesses LabArchives services, any systems, networks and security devices involved in the process automatically log details about the access that include information that may be personally identifiable such as the date/time, IP, process requested, process statistics, browser/OS details, etc.
These logs are also used for many other legitimate business reasons by LabArchives LLC including, but not limited to, providing various usage reports, monitoring for traffic/load/malicious patterns in order to maintain services, etc.
These logs are securely retained and do not contain any data from LabArchives products nor are they shared with any unaffiliated 3rd parties of LabArchives.
Application Activity Logging
For auditing and administrative purposes, LabArchives applications log various user actions along with user account information, IP, date/time and other details. The type of actions logged includes, but is not limited to, successful/unsuccessful logins, adding data, editing data, generating output, viewing information or data shared with you, turning on/off functionality, etc. This activity logging may be used for reporting to account owners, users and administrators what actions have been performed within specific products or in the system by its users. This logging or history is available to users with access to such information, site administrators and LabArchives staff.
These application activity logs are also used for systems management, trouble-shooting and other legitimate business reasons by LabArchives LLC including, but not limited to, providing various usage reports, monitoring for traffic/load/malicious patterns related to application functionality, security, etc.
These activity logs are securely retained and do not contain any user data which is stored in any of the products nor are they shared with any unaffiliated third party other than in aggregate.
Other Traffic and Performance Analytics
For the purposes of maintaining service reliability, performance levels, monitoring for malicious patterns, better understanding usage of our services and improving overall user experience, LabArchives tracks various systems analytics such as server statistics, response times, request types, error rates, heavily used links, source IPs, geographic locations, etc.
These analytics are securely retained and do not contain any LabArchives data nor are they shared with any unaffiliated third party.
Our website and service uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and web page usage. You may choose to opt-out of Google Analytics data collection by activating the Google Analytics Opt-out Browser Add-on https://tools.google.com/dlpage/gaoptout?hl=en .
Credit Card Information
To provide secure credit card processing when ordering from us, orders placed online with us are handled and secured by a payment system managed by 3rd parties which operate under their own privacy policies. If you choose to purchase or license LabArchives services online using a credit card, credit card details and other information is sent securely to a 3rd party for processing. LabArchives does not store your credit card information, but may store the status and payment amounts of a transaction.
HOW WOULD LABARCHIVES SHARE ANY INFORMATION COLLECTED?
LabArchives shares information with your consent or to provide any services that you have requested or authorized. LabArchives may, from time to time, send you information about other LabArchives products and/or services that we think you may find to be of interest if you have consented to receive such information. LabArchives does not share any end-user information with any affiliates. If you wish to change the types of communications you receive from us by email, you may do so by contacting email@example.com, or by clicking on the unsubscribe link in these types of communications.
We may provide access to any personally identifiable information and/or data in the event an external agency makes a legitimate, verified legal request to access it. This would include requests resulting from, but not limited to, the receipt of a court order, warrant, subpoena or other legal process. In such cases, the owners and/or administrators of the any information or data being requested would be notified unless such notification is prohibited by law, is counterproductive or when extreme circumstances exist that involve danger of death or serious injury to anyone. When possible, external agencies would be provided access to a secondary copy of any data so that the original LabArchives data remains intact.
HOW DOES LABARCHIVES HANDLE DATA FROM THE EEA?
Additional privacy and other rights apply in the event any data comes to LabArchives LLC from the European Economic Area (“EEA”). The EEA is comprised of all European Union countries plus Norway, Iceland and Liechtenstein. Additional rights are provided by the General Data Protection Regulation (“GDPR”) which may apply to the “processor” and/or “controller” of any data from the EEA.
For the LabArchives applications which are used by users and organizations by choice to create accounts and store, organize and share data, LabArchives is the “processor” of the data while the users and organizations they are part of are the “controllers” of the data.
In the case of other systems used by LabArchives for legitimate business processes, LabArchives is the “controller” of the data while any 3rd party provider of these services is the “processor” of the data. These systems include, but are not limited to, email and communication systems, contact management systems, product support systems, business information systems, accounting systems, etc. It should be noted that these systems also are provided by vendors that store the data they process in the United States. With that, if you communicate with us, ask for support, ask for product information or purchase a product, then data from such actions does leave the EEA and travel to United States. However, no data stored in LabArchives applications, other than data shared with LabArchives for the support of our products, requests for product information, or to purchase / subscribe to a LabArchives product, leaves the region it originates in, United States, EU or Australia. Users and system administrators can select which region they use to store data. LabArchives supports three regions (US, EU, and Australia) for various products. Details for each product, where the user data is stored for each product can be found in our Knowledgebase.
As mentioned, the GDPR provides added rights and privileges that the controllers and/or processors must perform for data that is from the EEA. These include, but are not limited to, notifications of any breaches of security, rights to have the data controller provide information on whether their personal information is being processed, rights to have the data controller erase any personal information that is being processed, rights to have the data controller fix any incorrect personal information and rights to get any of their personal data in a machine readable format from the controller. The official details on GDPR can be found here.
Information Collection and Use by LabArchives Products
Users also create and use notebooks and then upload, organize and share data in notebooks by choice. User accounts with administrative privileges are solely responsible for granting any notebook data access to other users through various methods available in the applications and services provided by LabArchives. This may involve a user providing the personally identifiable information of another person such as their email and name in order to share access to notebook data. LabArchives cannot control how any user might abuse any administrative access they have to data by granting access to any users that should not have access. In addition, LabArchives cannot control a user from performing actions with data that is beyond what LabArchives application security can control such as, but not limited to, sharing any data through downloads/screenshots/printing, sharing accounts or credentials with others, insecurely using any system or network while accessing data in LabArchives, etc.
Users set up their lab’s inventory and then upload and organize data. User accounts with administrative privileges are solely responsible for granting access to an inventory through user management features. This may involve a user providing the personally identifiable information of another person such as their email in order to provide access to an inventory. LabArchives cannot control how any user might abuse any administrative access they have to data by granting access to any users that should not have access. In addition, LabArchives cannot control a user from performing actions with data that is beyond what LabArchives application security can control such as, but not limited to, sharing any data through downloads/screenshots/printing, sharing accounts or credentials with others, insecurely using any system or network while accessing data in LabArchives, etc.
Users of Scheduler set up schedules, locations, calendars and resources along with various administrative and user groups as a means to allow users to schedule the use of an institution’s resources such as equipment or meeting rooms. Users with administrative privileges can create additional administrative groups and these administrators have the ability to grant access and confer rights to system users. Administrators also add data about resources and schedules unique to the institution. LabArchives cannot control how any user might abuse any administrative access they have to data by granting access to any users that should not have access. In addition, LabArchives cannot control a user from performing actions with data that is beyond what LabArchives application security can control such as, but not limited to, sharing any data through downloads/screenshots/printing, sharing accounts or credentials with others, insecurely using any system or network while accessing data in LabArchives, etc.