Information Privacy Policy
1. Introduction
Organizations that serve research in science, technology, engineering, arts, and mathematics (STEAM) are contributing to the advancement of public life and culture. As such, people engaged to this effort, or leveraging resources from supporting organizations in the pursuit of these efforts, have an implied intent to make their contributions public. Publishing results is a prime activity and ultimate requirement of research institutions and is normally associated with a transfer of knowledge, copyright, or a broad license to distribute the material in an accountable way for the betterment of all. While there is a requirement of privacy during the formulation of the work, to protect provenance, the resulting publication (in the form of paper, book, report, thesis, press release etc.) is required to establish the claim of ownership and reputational credit for a contribution to the field of endeavor.
This premise forms the basis for the following policy on Information Privacy.
Additionally, be aware that the computing infrastructure of the Observatory is government property and, as such, is subject to the laws and regulations of the United States of America.
2. Summary
The purpose of this document is to ensure that you are aware of, and understand, what information may be collected when you access Observatory infrastructure, and what will be done with that information. Common sense is the general rule; we will endeavor to keep any personal information private, we will not spam you, and we won't publish any specific information about you without your prior permission, but we will seek to engage the community in an appropriate manner to further our mission.
The privacy policy can be stated simply:
- We will not collect any personally identifiable information (PII) about you without your consent when you use our services
- PII will not be released to any third party without your prior consent (unless information sharing is required by law)
3. In General
For accountability of NSF funded resources, certain PII data will be made public such as the name of the Principal Investigator, proposal category, proposal title and abstract. In addition, as with any publication or document of record, information given as part of a resource allocation request cannot be deleted, but may be corrected if verifiably wrong.
Likewise, some discussion groups hosted by the Observatory are publicly accessible. By posting to these discussion groups, we may make public the e-mail address from which you posted, which is again aligned with the intent of the forum for attribution and ownership of shared knowledge and insight. The correction or deletion of postings will be managed by the group moderators.
When third party service providers are engaged by the Observatory, we will contrast Information Privacy Policies and document any material differences.
E-mail addresses and other information obtained through any of the means below will not be sold or released to any third party, without prior written or authenticated e-mail consent from the owner of the information.
4. Web Access
As with most web servers, Observatory servers will automatically record the following information routinely in a "log" file:
- Your IP address, and hostname if available;
- The date and time of your access;
- The pages you visit on our server;
- The type of browser and operating system you use (your browser will give this information automatically to all web servers); and
- The referring page, if there was one.
These log files are private and confidential and will not be released to the general public. Statistics on what pages are the most popular, what domains are our biggest users, etc. may be released internally to NRAO technical staff, and for reporting on engagement impact, but these do not include any personal information. The intent of these statistics is simply to make our services better.
Certain elements of the Observatory’s Web Infrastructure use Google Analytics, a service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files stored on your computer, to help analyze how the site is used. The information generated (including your IP address) will be transmitted to and stored by Google. Google will use this information for the purpose of compiling reports on website activity, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of the website. By using our websites, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
5. E-Mail and Account Oversight
Users of Observatory E-mail and file systems should be aware that user accounts may be subject to review once the appropriate HR and Management approvals have been obtained (via the “User Account Access Request” form). Additionally, any E-mail will generate log entries that include the routine information associated with mail transfer protocols. Such log entries do not include the body (main text) of the message. The log entries will contain the e-mail address of the sender, its size, the number of recipients, the message ID, and the actual recipient and status of delivery (deferred, success, etc.). This information is kept confidential and is only used to help diagnose system problems, or to review activities that may violate Observatory Policies or other Operational or Employee rules and regulations.
The Observatory maintains several mailing lists to better engage the community. In order to further our mission of promoting astronomy, updates to our lists are garnered from attendance at community engagement events, but a communicated “unsubscribe” process will remove unwanted inclusion.
6. Data Protection Rights Under General Data Protection Regulation (GDPR)
For the purpose of this Privacy Policy, we may act as a “Data Controller” of your personal information.
If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information, as described in this Privacy Policy, depends on the information we collect and the specific context in which we collect it. We may need your personal information in order to:
- Enter into a contract with you; e.g. when you apply to use Observatory resources
- Report on usage demographic information to our funding agents and review bodies
- Process payments; such as for Scientific Event Registration
- To broaden participation through notification of community relevant information
- To comply with the law
Individuals have certain data protection rights:
- The right to access and update personal information, e.g. in myNRAO user accounts
- The right of rectification of verifiably erroneous information
- The right to object
- The right of restriction
- The right to data portability
- The right to withdraw consent
Please note that we may ask you to verify your identity before responding to such requests.
Updates to Our Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this policy, we may notify you on our Website, by a blog post, by email, or by any method we determine. The method we chose is at our sole discretion. We will also change the "Last Updated" date at the beginning of this Privacy Policy. Any changes we make to our Privacy Policy are effective as of this Last Updated date and replace any prior Privacy Policies.