LAST UPDATED: June 27, 2019
At LabArchives, the security of all data is paramount. Whether it be any personal information you provide or the data you choose to store within LabArchives applications, we know that you care how it is handled. We go to great lengths to ensure that all data is secure and appreciate your trust in us to do that carefully and sensibly.
WHAT INFORMATION ABOUT YOU DO WE COLLECT?
When you interact with LabArchives services, you may provide us with many types of information including:
In some cases, if you choose not to provide us with required information for the services you want to use, you may not be able to access utilize those services. Further details are provided below.
HOW AND WHY DOES LABARCHIVES COLLECT INFORMATION?
Use of LabArchives Applications
The security of data stored in the LabArchives application is a shared responsibility between LabArchives LLC (the processor of such data) and the application’s users (the controller of such data).
Further, LabArchives staff does not read, classify or share any notebook data. LabArchives staff, by default, has no administrative privileges to grant or remove any access rights to/from any user’s notebook through the LabArchives application.
To create an account to access LabArchives and store data within it, LabArchives does need to collect and securely retain some personally identifiable and other information to complete that process. This may include, but is not limited to, an email addresses, name, organizational affiliations, etc. Settings in the LabArchives application allow each user to change any of the personally identifiable information related to their account that is stored in the application at any time. LabArchives does send emails that are transactional in nature related to a user account based on the user’s actions such as account activation, password reset, share/comment notifications, etc.
Users also create and use notebooks and then upload, organize and share data in LabArchives by choice. User accounts with administrative privileges are solely responsible for granting any notebook data access to other users through various methods available in the applications and services provided by LabArchives. This may involve a user providing the personally identifiable information of another person such as their email and name in order to share access to notebook data. LabArchives cannot control how any user might abuse any administrative access they have to data by granting access to any users that should not have access. In addition, LabArchives cannot control a user from performing actions with data that is beyond what LabArchives application security can control such as, but not limited to, sharing any data through downloads/screenshots/printing, sharing accounts or credentials with others, insecurely using any system or network while accessing data in LabArchives, etc.
Additionally, if applicable, LabArchives users that are site administrators for an organization have further control over their organization’s user accounts, data, access to user activities/details and the ability to control what application options are available to their users.
Requests for Product Information or Support
If you request product information or support from LabArchives, we do need to collect some personally identifiable and other information to complete the request you are making. This may include, but is not limited to, an email addresses, name, contact numbers, organizational affiliations, etc.
We do securely retain this information in applicable systems provided to us by 3rd parties such as email and communication systems, contact management systems, technical support systems and other systems.
Cookies are used by LabArchives application and other LabArchives web services that provide product, support and other information. Cookies are small pieces of data that are stored by a user's web browser on the user's hard drive. Cookies are a feature of web browser software that allows web servers to recognize the computer used to access a website.
The LabArchives applications use “session-based” cookies which are allotted to your computer for the duration of your LabArchives session. These session cookies are deleted when you close down your browser.
You can, of course, disable cookies on the device you are using to access our services by changing settings on your browser. However, if you choose to do this, you may be restricted from using some LabArchives services and you may receive errors/warnings about your cookie settings.
Network and Systems Logs
When anyone accesses LabArchives services, any systems, networks and security devices involved in the process automatically log details about the access that include information that may be personally identifiable such as the date/time, IP, process requested, process statistics, browser/OS details, etc.
These logs are also used for many other legitimate business reasons by LabArchives LLC including, but not limited to, providing various usage reports, monitoring for traffic/load/malicious patterns in order to maintain services, etc.
These logs are securely retained and do not contain any LabArchives notebook data nor are they shared with any unaffiliated 3rd parties of LabArchives.
Application Activity Logging
For auditing and administrative purposes, over 60 different actions performed when using LabArchives applications are logged including the type of action, user account information, IP, date/time and other details. The type of actions logged includes, but is not limited to, successful/unsuccessful logins, adding entries, editing entries, generating output, viewing shares of data, turning on/off functionality, etc. This activity logging is used for tracking what actions have been performed on a notebook or in the system by its users. This logging is available to users with access to such tracking, site administrators and LabArchives staff.
These application activity logs are also used for many other legitimate business reasons by LabArchives LLC including, but not limited to, providing various usage reports, monitoring for feature usage, monitoring for traffic/load/malicious patterns related to application functionality, etc.
These activity logs are securely retained and do not contain any LabArchives notebook data nor are they shared with any unaffiliated 3rd parties of LabArchives.
Other Traffic and Performance Analytics
For the purposes of maintaining service reliability, performance levels, monitoring for malicious patterns, better understanding usage of our services and improving overall user experience, LabArchives tracks various systems analytics such as server statistics, response times, request types, error rates, heavily used links, source IPs, geographic locations, etc.
These analytics are securely retained and do not contain any LabArchives notebook data nor are they shared with any unaffiliated 3rd parties of LabArchives.
Credit Card Information
To provide secure credit card processing when ordering from us, orders placed online with us are handled and secured by a payment system managed by 3rd parties which operate under their own privacy policies. If you choose to purchase or license LabArchives services online using a credit card, credit card details and other information is sent securely to a 3rd party for processing. LabArchives does not store your credit card information, but may store the status and payment amounts of a transaction.
HOW WOULD LABARCHIVES SHARE ANY INFORMATION COLLECTED?
LabArchives shares information with your consent or to provide any services that you have requested or authorized. LabArchives and its affiliates may, from time to time, share information about other products with you and/or services that we think you may find to be of interest if you have consented to receive such information. If you wish to change the types of communications you receive from us by email, you may do so by contacting email@example.com, or by clicking on the unsubscribe link in these types of communications.
We may provide access to any personally identifiable information and/or data in the event an external agency makes a legitimate, verified legal request to access it. This would include requests resulting from, but not limited to, the receipt of a court order, warrant, subpoena or other legal process. In such cases, the owners and/or administrators of the any information or data being requested would be notified unless such notification is prohibited by law, is counterproductive or when extreme circumstances exist that involve danger of death or serious injury to anyone. When possible, external agencies would be provided access to a secondary copy of any data so that the original LabArchives data remains intact.
HOW DOES LABARCHIVES HANDLE DATA FROM THE EEA?
Additional privacy and other rights apply in the event any data comes to LabArchives LLC from the European Economic Area (“EEA”). The EEA is comprised of all European Union countries plus Norway, Iceland and Liechtenstein. Additional rights are provided by the General Data Protection Regulation (“GDPR”) which may apply to the “processor” and/or “controller” of any data from the EEA.
For the LabArchives applications which are used by users and organizations by choice to create accounts and store, organize and share data, LabArchives is the “processor” of the data while the users and organizations they are part of are the “controllers” of the data.
In the case of other systems used by LabArchives for legitimate business processes, LabArchives is the “controller” of the data while any 3rd party provider of these services is the “processor” of the data. These systems include, but are not limited to, email and communication systems, contact management systems, product support systems, accounting systems, etc. It should be noted that these systems also are provided by vendors that store the data they process in the United States. With that, if you communicate with us, ask for support, ask for product information or purchase a product, then data from such actions does leave the EEA and travel to United States.
As mentioned, the GDPR provides added rights and privileges that the controllers and/or processors must perform for data that is from the EEA. These include, but are not limited to, notifications of any breaches of security, rights to have the data controller provide information on whether their personal information is being processed, rights to have the data controller erase any personal information that is being processed, rights to have the data controller fix any incorrect personal information and rights to get any of their personal data in a machine readable format from the controller. The official details on GDPR can be found here.
VeraSafe has been appointed as LabArchives representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to firstname.lastname@example.org, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative or via telephone at: +420 228 881 031.