Proteomic Data Commons (PDC) Privacy Policy

This Privacy Policy, effective as of 06-04-2019, is intended to make clear what types of data we (National Cancer Institute, NIH, HHS) collect from the users, what we do with it, and how our users can control what happens to it. The PDC web site links to other National Institutes of Health (NIH) sites, federal agency sites and occasionally, to private organizations. Once you leave the primary PDC website, you are subject to the privacy policy for the site(s) you are visiting. PDC data portal can be accessed freely without need for registration or login. We do not collect any personally identifiable information (PII) about you during your visit to the PDC Website unless you access the protected data or wish to submit data to PDC. We do collect some anonymized data about your visit to our PDC Website to help us better understand how the public uses the site and how to make it more helpful. We collect information from visitors who read, browse, and/or download information from our Web site. The PDC never collects information for commercial marketing or any purpose unrelated to the NIH mission and goals.

Types of Information Collected

Information collected when browsing PDC:

When you browse through any Website, certain information about your visit can be collected. We automatically collect and temporarily store the following types of information about your visit:

• Domain address from which you access the Internet
• IP address (an IP address is a number that is automatically assigned to a computer when surfing the Web)
• Operating system and information about the browser used when visiting the site
• Date and time of your visit
• Pages you visited
• Address of the Web site that connected you to the PDC, also called as referring website such as google.com or bing.com
• Demographic and interest data

We use this information to measure the number of visitors to our site and its various sections and to help make our site more useful to visitors. This information cannot be used to identify you as an individual.

Information collected when you contact PDC:

When you contact PDC through email at PDCHelpDesk@mail.nih.gov, we collect the following types of information:

• Name
• E-mail address
• Phone number (if provided)
• Inquiry type
• Inquiry description
• Any files uploaded in support of the inquiry
• Date and time the inquiry was submitted

Information collected when requesting access to protected data:

When you try to access protected data from PDC, we collect the following types of information:

• Name
• NIH eRA Commons ID

Information collected when submitting data to PDC:

When you want to submit data to PDC, we collect the following types of information to create a private workspace for you:

• Name
• NIH eRA Commons ID, if applicable
• E-mail address, if applicable
• Phone number (if provided)
• Organization
• All the data uploaded through out the life cycle of the account

How the PDC Collects Information

The PDC uses several tools to collect the information listed above in the section ‘Information Collected when Browsing the PDC’. No Personally Identifiable Information (PII) is collected. This data is used to monitor the health and growth of the system and comply with security and auditing best practices. The PDC Team conducts analyses and generates reports with this information, which are shared only with PDC Team Members, NIH Senior Staff, and members of the NIH Communications Team who require this information to perform their duties.

The PDC uses an email at PDCHelpDesk@mail.nih.gov to collect the information in the bulleted list in the ‘Information Collected when you contact PDC’ section. The PDC uses the information to provide users with assistance and improve the PDC. These support facilities require the collection of PII so that PDC Team Members can correspond directly with users to provide assistance.

The PDC retains the data from web analytics reporting tools and support requests as long as needed to support the mission of the PDC.

How the PDC Uses Cookies

PDC uses cookies to ensure platform security and to collect User Activity Information that will allow us to improve the user experience with our website. More specifically, we use cookies to authenticate users of the platform, enable Google Analytics. We will obtain users’ consent for any cookies related to Google Analytics.

How Personal Information is Protected

You do not have to give us personal information to visit the PDC. However, if you choose to contact us for support, request protected data or submit data, we collect information described in the above sections to allow us to fulfill the purpose of your contact. If you choose to provide us with personally identifiable information, that is, information that is personal in nature and which may be used to identify you, through an e-mail message or electronic form, we will maintain the information you provide only as long as needed. If we store your personal information in a record system designed to retrieve information about you by personal identifier (name, personal email address, personal or mobile phone number, etc.), so that we may contact you, we will safeguard the information you provide to us in accordance with the Privacy Act of 1974, as amended (5 U.S.C. Section 552a). If the PDC operates a record system designed to retrieve information about you in order to accomplish its mission, a Privacy Act Notification Statement should be prominently and conspicuously displayed on the public-facing website or form which asks you to provide personally identifiable information. The notice must address the following five criteria:

• Legal authorization to collect information about you
• Purpose of the information collection
• Routine uses for disclosure of information outside of the PDC
• Whether the request made of you is voluntary or mandatory under law
• Effects of non-disclosure if you choose not to provide the requested information

For further information about the PDC privacy policy, please contact us at PDCHelpDesk@mail.nih.gov

Safeguarding and Privacy

The PDC uses web measurement and customization technologies to help our Web sites function better for visitors and to better understand how the public uses the online resources we provide. All uses of web-based technologies comply with existing policies with respect to privacy and data safeguarding standards. Information Technology (IT) systems owned and operated by the PDC are assessed using Privacy Impact Assessments (PIAs) posted for public view on the Department of Health and Human Services (DHHS) Web site at http://www.hhs.gov/pia/. NIH conducts and publishes a PIA for each use of a third-party website and application (TPWA) as they may have a different functionality or practice. TPWA PIAs are posted for public view on the DHHS Web site at http://www.hhs.gov/pia/#Third-Party.

Groups of records that contain information about an individual and are designed to be retrieved by the individual’s name or other personal identifier linked to the individual are covered by the Privacy Act of 1974, as amended (5 U.S.C. Section 552a). For these records, NIH Systems of Record Notices are published in the Federal Register and posted on the NIH Senior Official for Privacy Website. When you visit the NIH Institute/Center sites, please look for the Privacy Notice posted on the main pages. When web measurement and customization technologies are used, the Privacy Policy/Notice must provide:

• Purpose of the web measurement and/or customization technology
• Usage tier, session type, and technology used
• Nature of the information collected
• Purpose and use of the information
• Whether and to whom the information will be disclosed
• Privacy safeguards applied to the information
• Data retention policy for the information
• Whether the technology is enabled by default or not and why
• How to opt-out of the web measurement/customization technology
• Statement that opting-out still permits users to access comparable information or services
• Identities of all third-party vendors involved in the measurement and customization process

Data Retention and Access Limits

The PDC will retain data collected using the following technologies long enough to achieve the specified objective for which they were collected. The data generated from these activities falls under the National Archives and Records Administration (NARA) General Records Schedule (GRS) 20-item IC 'Electronic Records, and will be handled per the requirements of that schedule.