UPDATED: January 19, 2022
The University of Chicago (the “University” or “we”) is committed to protecting the privacy of the Globus user community. The intent of this Privacy Notice is to inform you of our policies and procedures regarding the collection, use, and disclosure of the information we receive from users of Globus websites hosted at globus.org, globusid.org, and globusworld.org, and customer branded websites hosted by Globus (the “Sites”, collectively), and of the Globus services (together with the Sites, the “Services”).
We may update this Privacy Notice from time to time. We will notify you of any changes by posting the new Privacy Notice on the Sites and updating the “Updated” date above. We reserve the right to modify this Privacy Notice at any time, so please review it frequently. Unless otherwise defined in this Privacy Notice, terms used in this Privacy Notice have the same meanings as in our Globus Terms of Service.
As used in this policy, the terms “using” and “processing” information include using cookies on a computer, subjecting information to statistical or other analysis, and using or handling information in any way, including without limitation collecting, storing, evaluating, modifying, deleting, using, combining, disclosing, and transferring information within our organization or among our affiliates within the United States or internationally.
I. Information Collection
Below are the types and categories of information that we collect.
A. Personal Information
When you register with us through the Services or use certain features of the Services, we will ask you for personally identifiable information. This refers to information about you that can be used to contact or identify you (“Personal Information”). The Personal Information you may be required to provide consists of your name, username, GlobusID password, and email address. In addition, you may be required or have the option to provide additional Personal Information, such as a phone number, mailing address, or other types of contact information, when, for example, you join a group, create an endpoint or a collection, create a search index, create a flow, or register for an event. To the extent required by law, we treat the Internet Protocol (IP) address of your personal computer, which is collected as Log Data, as Personal Information.
B. Non-Identifying Information
We may ask you for information about you that is not personally identifiable, such as your organization, your organization’s non-profit or commercial status, and your preferred time zone (“Non-Identifying Information”). We may also ask you for information that is not about you, such as the name or description for entities you create in the Services (e.g., the names of endpoints, collections, bookmarks, groups, transfer requests, indices, or flows). We treat this information as Non-Identifying Information and do not treat it as Personal Information. Therefore, we recommend that you do not include any personally identifiable information in such information.
We treat the names of the files and directory paths that you access, manage, or transfer via the Services as Non-Identifying Information. Therefore, we recommend that you do not include any personally identifiable information in the names of the files and directory paths that you access, manage, or transfer via the Services.
While Globus may view and store your filenames, directory paths, file sizes, file checksums, and other file metadata, we do not view the contents of your files or store the contents of your files on our systems or equipment, unless specifically directed by you to do so (e.g., for the purpose of troubleshooting or providing user support).
C. Log Data
When you use the Services, whether logged into a Globus account or as a non-registered user just browsing (any of these, a “Globus User”), we automatically record information about your use of the Services and your visit to the Sites (“Log Data”). For example, this Log Data includes without limitation: information about your activities for data management; search activity; flow execution activity; filenames and other file metadata (but not the file contents); your computer’s Internet Protocol (IP) address; your browser type; what software you were using with the Services; the web page you were visiting immediately prior to visiting our Sites; pages of our Sites that you visited; the time spent on those pages; information you searched for on our Sites; and the times and dates you accessed our Services. Log Data may include Personal Information.
II. Use of Information
Our primary goal in using the Personal Information we collect is to provide, to secure, and to improve the Services. When using Personal Information we always take the importance of your privacy into account. We use your Personal Information in the following ways.
A. Service Delivery
We use your Personal Information, perhaps in combination with Non-Identifying Information and Log Data, to provide you with the services that you request from us. For example, if you are using the Services, we may use your Personal Information to facilitate the transfer of your files or the management of your search index or the execution of your flows. We also may use your Personal Information to deliver other services, such as educational content, information, newsletters, or software you request. Subject to the section below titled “Sharing and Disclosure of Information,” we may also use the combined information without aggregating it to serve you specifically, for instance, to deliver a product to you according to your preferences or restrictions. Finally, we may use your information to communicate with you via email or other means, either in response to an inquiry by you or otherwise. We may communicate with you to inform you of Services related information, to alert you to important Service announcements, such as security alerts, or to convey the status of activities you have requested from the Services.
B. Service Improvement
We may combine your Personal Information with Non-Identifying Information and Log Data and aggregate it with information collected from other Globus Users in order to provide you with a better experience, to improve the quality and value of the Services, and to analyze and understand how our Services are used.
We also use your Personal Information, perhaps in combination with Non-Identifying Information and Log Data, to contact you with Globus newsletters, marketing or promotional materials, and other information that may be of interest to you. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications, or email us at firstname.lastname@example.org with an explicit request to have your information removed from our mailing list. We will comply with your request as soon as reasonably practicable. In no event will we make your Personal Information available for a fee or for marketing not related to Globus.
We may use your Personal Information for research purposes. All human subjects research we conduct using your Personal Information is reviewed by an Institutional Review Board to ensure protection of your interests. We never disclose your Personal Information in research publications or in any other method of communicating research results.
III. Sharing and Disclosure of Information
Below we describe the ways that we share the information that we collect via the Services, including your Personal Information, Non-Identifying Information, and Log Data (collectively referred to as “information”). Other than as described in this section, we do not disclose information about you to third parties.
A. Aggregate Information and Non-Identifying Information
We may share aggregated data that does not include Personal Information, and we may otherwise disclose Non-Identifying Information and Log Data to third parties for industry analysis, demographic profiling, or other purposes. Any aggregated data shared in these contexts will not contain your Personal Information.
B. Service Providers
We may employ or partner with third party companies, organizations, and individuals, to provide the Services on our behalf, and to provide capabilities for us to deliver the Services (“Service Providers''). The Service Providers we use include, without limitation, service providers that provide the following types of services: customer support ticketing systems; software development; cyber infrastructure; cybersecurity; mailing lists; website hosting; accounting; website and user analytics; customer relationship management; webcasting; website maintenance; document storage and management; business communications; teleconferencing; source code management; database management; and chat hosting. Our Service Providers have access to your information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
C. Compliance with Laws and Law Enforcement
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government, to law enforcement officials, or to private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal processes (including without limitation subpoenas), to protect our property and rights or those of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
D. Sharing Your Information With Other Users
Other Globus Users may be able to see your Personal Information and Non-Identifying Information. For example, all Globus Users may see your name, username, email address, and organization. Access to some resources and features may require that you share additional information with other Globus Users. For example, a group manager may require that you share your phone number with them before they will admit you to the group. However, all such information sharing is under your control and requires your consent.
Non-Identifying Information and Personal Information may be shared with the administrators of resources that you access via Globus. For example, if you transfer data to or from an organization’s storage system, the storage system administrator or the organization’s delegate may have access to your email (Personal Information) or file names (Non-Identifying Information). If you use an identity or email provided by an organization, for example your employer, to access the Service, we may share your Personal Information and Non-Identifying information with the organization. If you submit a query to an index, we may share the contents of the query with the index administrator.
We may have to share your Personal Information in the event of a reorganization or in the event we merge or assign all or part of our assets to another party, but such other party shall have the same obligations with respect to your information under this Privacy Notice as we do.
V. Individual Rights
Various jurisdictions grant individuals rights regarding their data, including: (i) the right to request access to your information held by Globus; (ii) the right to have inaccurate or incomplete personal data rectified; (iii) the right to erasure of your information, provided there is no legitimate reason for the University to continue to process or retain the information; (iv) the right to restrict processing of your information in specific situations; (v) the right to request provision of some elements of your information; (vi) the right to object to processing of your information, including to sending you communications that may be considered direct-marketing materials; (vii) the right to object to automated decision-making and profiling, where applicable. All requests to exercise any of these rights should be made to Globus at the contact information provided at the end of this Privacy Notice.
While we encourage you to bring your concerns to us in the first instance, in certain jurisdictions, you may also have the right to submit a complaint to the jurisdiction’s supervisory authority for data protection matters.
We do not and will not, at any time, request your credit card information, login password, or national identification numbers in a non-secure or unsolicited e-mail or telephone communication. For more information about identity theft and phishing, visit the Federal Trade Commission’s website.
VII. Changing or Deleting Your Information
You may review, update, correct, or delete the Personal Information in your GlobusID account profile by logging into your account and changing the user profile information associated with your account. In order to delete your GlobusID account or another identity you used with Globus services, please submit a request by emailing email@example.com.
VIII. Data Retention Policy
We may retain your Personal Information until you have requested that we delete your account from the Service. We may retain your Personal Information and Non-Identifying information until it is no longer necessary to deliver or improve our service. We may retain Personal Information and Non-Identifying information for research purposes until it no longer has the potential to inform research. We may purge Log Data after 90 days. We retain Log Data consistent with applicable legal requirements. We may purge the Log Data from our systems in accordance with any legal requirements. In the event of an investigation by law enforcement or a response to claims or legal process, we may retain the Log Data until such investigation or process is completed.
We take safeguarding your information very seriously. We employ commercially reasonable administrative, physical, and technical measures designed to protect the Personal Information submitted to us from unauthorized access, both during transmission and once we receive it. However, no method of data transmission over the Internet or method of electronic data storage is 100% secure, and therefore, we cannot guarantee the absolute security of your Personal Information.
We will make disclosures of any breach of the security and confidentiality of your unencrypted electronically stored “personal data” (as defined in applicable laws related to security breach notification) as required by law. We will make such disclosures to you via email or conspicuous posting on the Sites in the most expedient time possible and without unreasonable delay. In the event of a breach, we shall only disclose your “personal information” to the extent required by and consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
In the event that all or part of our assets are sold or acquired by another party, or in the event of a merger with another party, you grant us the right to assign the information collected via the Service to such other party.
XI. International Transfer
Your information may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, you should be aware that we transfer Personal Information to the United States and process it there. Your consent to this Privacy Notice followed by your submission of such information represents your agreement to such transfer.
XII. Links to Other Websites
Our Sites contain links to other websites. If you choose to click on a third party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization, or representation of our affiliation with that third party, and it is not an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data, or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
XIII. Our Policy Toward Children
The Service is not directed to children under 18. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at firstname.lastname@example.org. If we become aware that a child under 13 has provided us with Personal Information, we will delete such information.
XIV. Contact Us
If you have any questions or concerns, please contact us at email@example.com.