Privacy Policy

Privacy Policy
Effective Date: April 07, 2021

This “Privacy Policy” describes the privacy practices of The University of Pennsylvania (“The University of Pennsylvania”, “we”, “us” or “our”). This Privacy Policy describes how we collect, use, disclose and otherwise process personal information (also known as ‘personal data’ in some jurisdictions) in connection with our websites, mobile apps and other Internet-enabled services (together “Services”), and explains the privacy rights and choices available to individuals. This Privacy Policy governs any of the Services on which the policy is posted. Please note that this Privacy Policy does not apply to the information we process on behalf of our clients. Our platform helps the scientific and clinical community make optimal use of the vast quantities of highly complex medical and healthcare data by integrating the data points into our platform and placing the data into a useful context. Our processing of data on behalf of our clients is governed by agreements between us and our clients. These agreements require our clients to comply with applicable privacy laws and, to the extent the clients are legally required, provide privacy notices to, and if applicable, obtain consent from, the individuals whose data our clients process using the Pennsieve platform.

Personal Information We Collect

Information you give us. You may provide information to us when you interact with the Services, for example, by registering, establishing an account, subscribing to newsletters, inquiring about grant support, requesting information or otherwise communicating with us via the Services. You may provide your personal and business information, such as your name, mailing and email address, telephone number, job title, organizational affiliation, grant details and other details you may choose to share with us. You are not legally obligated to provide your personal information to us, but we might need some of the information in order to be able to provide you with our Services.

Information we collect automatically. Our servers and third party service providers may automatically record certain information about how you use the Services, such as your Internet Protocol (IP) address, domain name, device and browser type, operating system, Internet service provider, referring/exit pages, clickstream data, the pages or features of the Services that you browse and the time you spend on those pages or features, the frequency with which you use the Services, the links that you click on or use and other statistics. We collect this information in server logs and by using cookies and similar tracking technologies. See our Cookie Policy for more information.

How We Use Your Personal Information

We use the information we collect for the following purposes (if you are from the EU, please also see Notice to European Users for further details):

To operate the Services and respond to your queries, including to:

  • Establish and manage accounts and registrations;
  • Provide grant management services;
  • Send you information you may request;
  • Communicate with you regarding the Services, including by sending you announcements, updates, security alerts, and support and administrative messages;
  • Respond to your requests, questions and feedback in general and related to the Services.

To improve the Services

  • Analyze our visitors’ and users’ needs and interests, and personalize experience with the Services; and
  • Analyze use of the Services to study trends and users’ movements around the Services, improve the Services and develop new features and services.

To send you marketing and survey communications

We may send you surveys, newsletters or other marketing communications, but – depending on your jurisdiction – we will only do so if you consented or you may opt out of receiving them as described in the Opt out of marketing section below.

To analyze the success of marketing communication

We analyze the success of our marketing communication by tracking which emails are opened and which links are clicked by recipients.

For compliance, fraud prevention and safety

We may use your personal information as we believe appropriate to (a) investigate violations of and enforce our Terms of Service; (b) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

With your consent

In addition to the uses above, we may ask for your consent to collect, use or share your personal information, such as when we are required to do so by law. In such an instance, we will provide additional information about uses and sharing at the point of collection.

Retention

We retain personal information for as long as it is required for our purposes, e.g. where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention). When we have no ongoing legitimate business need to process your personal information and have neither another right nor an obligation to retain your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Notice to European Users

The following applies to individuals in the European Economic Area.

Controller The University of Pennsylvania is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation. Our contact details can be found in How to Contact Us.

Details for processing. We describe the types of personal information processed for the purposes, the legal bases for our processing of your personal information and how long we retain the personal information in the table below. If you have questions about the below, contact us at [email protected].

Processing PurposeProcessed DataLegal BasisRetention
To operate the Services First name
Last name
Email address
IP address
Name of organization
Job title
Password
Information on grants
Payment data
Messages
We process your data to fulfill our obligations under a contract with you or based on our legitimate interest to be able to fulfill our obligations under a contract with the organization with which you are associated.As long as you use the Services. Beyond, we only store your data (within the scope of what is legally permissible) in order to fulfill any legal or regulatory obligations or to assert / defend against legal claims.
To improve the Services Email address
IP address
Usage behavior
Feedback
* Queries
These activities constitute our legitimate interests in improving our service offering and understanding how individuals interact with our services. We do not use your personal information based on our legitimate interests for activities where our interests are overridden by the impact on your rights and freedoms.As long as you use the Services. Beyond, we only store your data (within the scope of what is legally permissible) in order to fulfill any legal storage obligations or to assert / defend against legal claims.
To send you marketing and survey communications First name
Last name
* Email address
Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the emails received and/or in Your choices and rights of this Policy.Until you revoke your consent or no longer show any interest in our newsletters.
To analyze the success of marketing communication Email address
Content of communication
* Activities in relation to communication, i.e. opening mails, clicks on links in mails
These activities constitute our legitimate interests in brand/business development and ensuring that our marketing communications are relevant and appropriate. We do not use your personal information based on our legitimate interests for activities where our interests are overridden by the impact on your rights and freedoms.For the duration of the relevant marketing campaign.
For compliance, fraud prevention and safety Usage behavior
Truncated IP address
* Information about used device (type, OS, browser, language settings)
These activities constitute our legitimate interests in complying with applicable laws, preventing and detecting fraud and ensuring the safety of our systems and users. We do not use your personal information based on our legitimate interests for activities where our interests are overridden by the impact on your rights and freedoms.As long as required to ensure the Services’ safety and assert / defend against legal claims.
For compliance with law (as required based on the legal obligation) First name
Last name
Email address
Name of organization
Job title
Password
Information on grants
Payment data
Messages / queries
Usage behavior
Feedback
Truncated IP address
* Information about used device (type, OS, browser, language settings)
Processing is necessary to comply with our legal obligations.As long as required to comply with the respective law.
To share your personal information as described in this Privacy Policy in How We Share your Personal Information (as required for the transfer purpose) First name
Last name
Email address
Name of organization
Job title
Password
Information on grants
Payment data
Messages / queries
Usage behavior
Feedback
Truncated IP address
* Information about used device (type, OS, browser, language settings)
If data is shared with service providers that do not act strictly based on our instructions, we either do so based on our legitimate interests to run our business efficiently (e.g. when sharing information with advisors), and in some cases may be necessary to comply with our legal obligations (e.g. towards authorities). In case a transfer requires your consent, we will inform you in more detail when obtaining your consent.As long as required for the purpose for which the data is processed and transferred. Beyond, we only store your data (within the scope of what is legally permissible) in order to fulfill any legal storage obligations or to assert / defend against legal claims.

How We Share your Personal Information

We share your personal information with third parties in the following circumstances. We will obtain your consent for such sharing beforehand, if required by applicable law:

Affiliates. We will share your personal information with our corporate affiliates for purposes consistent with this Privacy Policy.

Service providers. We may share your personal information with third parties that provide services that help us with our business activities (such as customer support, payment processing, hosting and storage, website analytics, email delivery, database management services and legal and other professional advice). We authorize these third parties to access your personal information to the extent reasonably necessary for them to provide their services. If required by applicable law, we enter into specific data protection agreements with them. Our service providers may be located in the EU, U.S, Canada, or other foreign jurisdictions.

For legal reasons. We may disclose your personal information as we believe appropriate and as required and permitted by law to government or law enforcement officials or to private parties for the purposes described above for compliance, fraud prevention and safety.

Cross-border data transfer

If we transfer your personal information from the European Economic Area (“EEA”) or Switzerland to a third country, such as the United States, and are required to apply additional safeguards to your personal information under European data protection legislation, we will do so, including using standard contractual clauses. For more information, regarding the guarantees applied in every case, please see our Data Processing Addendum or contact us through the email [email protected].

Your choices and rights

Access or update your information: Service account holders may review or update information in their registration profile by logging into their account or contacting us at [email protected].

Opt out of marketing emails: You may opt out of marketing-related emails by following the unsubscribe instructions in the email. You may continue to receive Services-related and other non-marketing emails.

Withdrawal of consent: You may withdraw the consent provided to us at any time with future effect contact us by email [email protected] or through our postal address provided in How to Contact Us.

In addition to the above, European data protection laws and other jurisdictions recognize you certain rights regarding your personal information, if applicable to you. You may ask us to take the following actions in relation to your personal information that we hold if the required legal preconditions are met:

  • Access. Provide you with information about our processing of your personal information and give you access to, or provide a copy of, your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice (so called portability).
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our processing of your personal information that impacts your rights in specific circumstances. You may always object to direct marketing activities conducted by us.

You may submit these requests by email to [email protected] or our postal address provided below. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to a data protection regulator.

Under European data protection laws, if you consider that your rights have not been attended, you may file a complaint with the relevant data protection authority.

Cookies and Similar Technologies

We may use and allow service providers and other third parties to use cookies and similar technologies to track your browsing activity over time and across the Services and third party websites. For more details, see our Cookie Policy.

Other Important Privacy Information

Third party sites and services. The Services may contain links to other websites and services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third party websites, applications or services, and are not responsible for their data processing actions. Other websites and services follow different rules regarding their collection, use and sharing of your personal information. We encourage you to read their privacy policies to learn more.

Security practices. The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we process. However, security risk is inherent in all Internet and information technologies and we cannot guarantee the absolute security of your personal information.

Changes to this Privacy Policy. We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy we will notify you by email or through the Services if we are required to do so by applicable law.

How to Contact Us

email: [email protected]