GEMS® Services Privacy Policy

GEMS Informatics at the University of Minnesota provides a range of field sensing and data services (hereafter “GEMS Services,” “GEMS” or “we”), including the GEMS Platform (an integrated data storage and sharing (GEMShareTM) and analytical (GEMSToolsTM) service hosted at the Minnesota Supercomputer Institute), GEMS Sensing (field sensing devices and backend data streaming services), and GEMS Exchange (a portfolio of data streaming or analysis APIs). GEMS Services is committed to protecting the privacy of the GEMS user community. The intent of this Privacy Notice is to inform you of our policies and procedures regarding the collection, use and disclosure of the information we receive from or provide to users of GEMS Services and customer branded GEMS website hosted by us at https://gems.umn.edu/. The GEMS Platform uses Globus Auth as its Identity and Access Management (IAM) service. See www.globus.org/legal/privacy for the Globus privacy policy.

We may update this Privacy Notice from time to time. We will notify you of any changes by posting the new Privacy Notice on the GEMS Platform (gems.agroinformatics.org) or the GEMS website (https://gems.umn.edu/) and updating the “Updated” date above. We reserve the right to modify this Privacy Notice at any time, so please review it frequently. Unless otherwise defined in this Privacy Notice, terms used in this Privacy Notice have the same meanings as in our GEMS Terms of Service.

As used in this policy, the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis, and using or handling information in any way, including without limitation collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within the United States or internationally.

1.  Information Collection


Below are the types and categories of information that we collect from users or are supported by GEMS Services.
 

A.  Personal Information
When you register with us through the GEMS Platform or use certain features of GEMS Services we will ask you for personally identifiable information. This refers to information about you that can be used to contact or identify you (“Personal Information”). The Personal Information you will be required to provide includes your name, an account name,  and a verifiable email address. Other Personal Information, such as your real name, a phone number, and an address, may be requested when joining certain groups, depending on the policies set by that group’s administrators.

The Internet Protocol (IP) address of your computer, which is collected as Log Data, is treated as Personal Information.
 

B.  Non-Identifying Information
We may also ask you for other information that is not inherently personally identifiable.  This may include your organization, file names, remote endpoints of services, etc. (“Non-Identifying Information”) that you provide as part of working with GEMS. Therefore, we recommend that you do not include any personally identifiable information that is not strictly necessary.

GEMS staff may view your file names, file sizes, file checksums, and other such file-related metadata; whereas staff do not access the contents of the files unless directed or otherwise enabled to do so by the user (e.g., collaborations and data processing agreements).
 

C.  Log Data
When you visit the Platform or use the Service, whether logged into a GEMS account or as a non-registered user just browsing (any of these, a “GEMS User”), our servers automatically record information about your visit to the GEMS Platform (“Log Data”) or use of other GEMS Services. This Log Data includes information about your data management activities, such as filenames and other file metadata; your computer’s Internet Protocol (IP) address; your browser type; what software you were using with the Service; the web page you were visiting immediately prior to visiting our Platform; requests made to the Platform either programmatically or via a web browser; information you searched for on our Platform; access times and dates.  Log Data may include Personal Information.

2.  Use of Information


Our primary goals in using information we collect are to provide and improve the GEMS Platform and other GEMS Services, and their related features and content. We know that our users’ Personal Information is of concern, and we take this into consideration prior to using their Personal Information. In this regard, we use Personal Information in the following ways:
 

2.1  Service Improvement
We may combine your Personal Information with Non-Identifying Information and Log Data, and aggregate it with information collected from other GEMS Users, to attempt to provide you with a better experience, to improve the quality and value of our Services, and to analyze and understand how our Platform and Services are used. We may disclose your Personal Information to third party services that are used to provide additional capabilities such as a support ticket system and to improve our Services. Subject to the section below titled “Sharing and Disclosure of Information,” we may also use the combined information without aggregating it to serve you specifically, for instance to deliver a product to you according to your preferences or restrictions.
 

2.2  Marketing
We also use your Personal Information, perhaps in combination with Non-Identifying Information and Log Data, to contact you with GEMS newsletters, marketing or promotional materials and other information. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or email us at [email protected] with an explicit request to have your information removed from our mailing list. We will comply with your request as soon as reasonably practicable. In no event will we make your Personal Information or email address available for a fee, or for marketing not related to GEMS.
 

2.3  Service Delivery
We also use your Personal Information, perhaps in combination with Non-Identifying Information and Log Data, to provide you with the services that you may request from us. For example, if you are using the GEMS Platform, we may use your Personal Information to facilitate the transfer of your files or data. We also may use your Personal Information to deliver you other services, such as educational content or information, newsletters or software you request. Finally, we may use your information to communicate Service related information with you via email or other means, in response to an inquiry by you, or to otherwise alert you to the status of activities you have requested from our Service.
 

2.4  Research
We may use your Personal Information for research purposes. All human subjects research we conduct using your Personal Information is reviewed by an Institutional Review Board to ensure the protection of your interests. We never disclose your Personal Information in research publications or in any other method of disclosing research results.

3.  Sharing and Disclosure of Information
 

Below we describe the ways that we share the information that we collect via the Service, including your Personal Information, Non-Identifying Information, and Log Data (collectively referred to as “information.”) Other than as described in this section, we do not rent or share information about you with third parties.
 

3.1  Aggregate Information and Non-Identifying Information
We may share aggregated data that does not include Personal Information and we may otherwise disclose Non-Identifying Information and Log Data with third parties for industry analysis, demographic profiling and other purposes. Any aggregated data shared in these contexts will not contain your Personal Information.
 

3.2  Service Providers
We may employ or partner with third party companies, organizations and individuals to facilitate our Service, to provide the Service on our behalf, and to perform Service-related services or to facilitate services to our end-users (“Service Providers”). The types of Service Providers we use include, without limitation, service providers that provide the following types of services: identity and access management, customer support, software development, hosting, accounting, web and user analytics, customer relationship management, webcasting, website maintenance, database management, transferring data or files at the request of a user, and web and live chat hosting. 
When our Service Providers have access to your information to perform these tasks on our behalf they are obligated not to disclose or use it for any other purpose.
 

3.3  Compliance with Laws and Law Enforcement
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including without limitation subpoenas), to protect our property and rights or those of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
 

3.4  Sharing Your Information With Other Users
Other GEMS Platform users, depending on their team memberships and roles, may be able to see your full name, e-mail address associated with your GEMS Platform and Globus account, as well as your GEMS ID (the two 36 character, randomly generated identifiers associated with your GEMS Platform and Globus accounts). Most regular users will only be able to view this information if they are in a team with you and have been granted the appropriate permission by the Team Administrator. Access to Personal and non-identifying information is only granted to registered GEMS Platform users and is not granted as a part of GEMSOpen. Additionally, GEMS Platform users identified as the data stewards for any GEMS registered organization are granted the permission to see this information for all users so that they can grant access to the correct users.
 

3.5  Reorganization
We may have to share your Personal Information in the event of a reorganization, or in the event we merge or assign all or part of our assets to another party, but this other party shall have the same obligations with respect to your information under this Privacy Notice as we do.

4.  Cookies


Like many web sites, our GEMS Platform uses “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s local storage for record-keeping purposes. We use cookies for two purposes. First, we utilize persistent cookies to save your GEMS Platform account identifier and other preferences for future logins to the Platform, and to analyze Platform traffic. Second, we utilize session cookies to enable certain features of the GEMS Platform, to better understand how you interact with the Platform and to monitor aggregate usage by GEMS Users and general web traffic on the Platform. We link the information we store in cookies to the Personal Information you submit to us while you are on the Platform. Unlike persistent cookies, session cookies are deleted from your computer when you close your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions of the GEMS Platform or all the functionality of the Service.
 

In addition, this website uses a minimal build of Google Analytics, a service which transmits website traffic data to Google servers in the United States and allows us to notice trends to improve the user experience on our website. This processes personal information including the unique User ID set by Google Analytics, the date and time, the title of the page being viewed, the URL of the page being viewed, the URL of the page that was viewed prior to the current page, the screen resolution, the time in local timezone, the files that were clicked on and downloaded, the links clicked on to an outside domain, the type of device, and the country, region, and city among others.
 

You may opt-out of this tracking at any time by activating the “Do Not Track” setting in your browser.

5.  Individual Rights
 

Various jurisdictions grant individuals rights regarding their data, including: (i) the right to request access to your information held by GEMS; (ii) the right to have inaccurate or incomplete personal data rectified; (iii) the right to erasure of your information, provided there is no legitimate reason for the University to continue to process or retain the information; (iv) the right to restrict processing of your information in specific situations; (v) the right to request provision of some elements of your information (vi) the right to object to processing of your information, including to sending you communications that may be considered direct-marketing materials; (vii) the right to object to automated decision-making and profiling, where applicable. All requests to exercise any of these rights should be made to GEMS at the contact information provided at the end of this Privacy Notice.
 

While we encourage you to bring your concerns to us in the first instance, in certain jurisdictions, you may also have the right to submit a complaint to the jurisdiction’s supervisory authority for data protection matters.

6.  Phishing
 

Identity theft and the practice currently known as “phishing” are of great concern to us. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your credit card information, login password, or national identification numbers in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission’s website.

7.  Changing or Deleting Your Information
 

You may review, update, correct or delete the Personal Information in your account profile by logging into your account and changing the “user profile” information associated with your account, though such changes may impact your group memberships and associated access rights to certain resources. In order to delete your account please submit a support request by emailing [email protected].

8.  Data Retention Policy
 

We may retain your account information until you have requested that we delete your account on the Service. We may retain your Personal Information until it is no longer necessary to deliver or improve our service. We may retain Personal Information for research purposes until it no longer has the potential to inform research. We will retain Log Data consistent with applicable legal requirements. We may purge the Log Data from our systems in accordance with any legal requirements. In the event of an investigation by law enforcement or a response to claims or legal process, we may retain the Log Data until such investigation or process is completed.

9.  Security
 

We take safeguarding your information very seriously. We employ generally-accepted, industry-standard administrative, physical and electronic measures designed to protect the Personal Information submitted to us from unauthorized access, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic data storage is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
 

We will make disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable laws related to security breach notification) as required by law. We will make such disclosures to you via email or conspicuous posting on the Platform in the most expedient time possible and without unreasonable delay. We shall only disclose your “personal information” to the extent required by and consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

10.  Assignment
 

In the event that all or part of our assets are sold or acquired by another party, or in the event of a merger with another party, you grant us the right to assign the information collected via the Service to such other party.

11.  International Transfer
 

Your information may be transferred to “and maintained on” computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, you should be aware that we transfer Personal Information to the United States and process it there. Your consent to this Privacy Notice followed by your submission of such information represents your agreement to such transfer.

12.  Links to Other Websites
 

Our Services may contain links to other websites. If you choose to click on a third-party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.

13.  Our Policy Toward Children
 

Our Services are not directed to children under 18. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at [email protected]. If we become aware that a child under 13 has provided us with Personal Information, we will delete such information from our files.

14.  Your California Privacy Rights
 

Beginning on January 1, 2005, California Civil Code Section 1798.83 permits our visitors who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at [email protected].

15.  Contact Us
 

If you have any questions or concerns, please contact us at [email protected].