GDC Privacy Policy

GDC Website Privacy Policy

Protecting your privacy is very important to us. Our GDC Web site links to other National Institutes of Health (NIH) sites, federal agency sites and occasionally, to private organizations. Once you leave the primary GDC Web site, you are subject to the privacy policy for the site(s) you are visiting. We do not collect any personally identifiable information (PII) about you during your visit to the GDC Web site unless you choose to provide it to us. We do, however, collect some data about your visit to our GDC Web site to help us better understand how the public uses the site and how to make it more helpful. We collect information from visitors who read, browse, and/or download information from our Web site. The GDC never collects information for commercial marketing or any purpose unrelated to the NIH mission and goals.

When visitors send a support request containing personal information to the GDC Support email at supportatnci-gdc.datacommons.io, the GDC maintains the request in the GDC Help Desk System. Only designated GDC Team Members requiring access to the support requests in order to assist visitors may view this information.

Types of Information Collected

Information Collected when Browsing the GDC

When you browse through any Web site, certain information about your visit can be collected. We automatically collect and temporarily store the following types of information about your visit:

  • Domain from which you access the Internet
  • IP address (an IP address is a number that is automatically assigned to a computer when surfing the Web)
  • Operating system and information about the browser used when visiting the site
  • Date and time of your visit
  • Pages you visited
  • Address of the Web site that connected you to the GDC (such as google.com or bing.com)
  • Demographic and interest data
  • eRA Commons ID

We use this information to measure the number of visitors to our site and its various sections and to help make our site more useful to visitors. This information cannot be used to identify you as an individual.

Information Collected when Submitting a Support Request

When you submit a support request through the GDC Support email at supportatnci-gdc.datacommons.io, we collect the following types of information:

  • Name
  • E-mail address
  • Phone number (if provided)
  • Inquiry type
  • Inquiry description
  • Any files uploaded in support of the inquiry
  • Date and time the inquiry was submitted

How the GDC Collects Information

The GDC uses several tools to collect the information listed above in Information Collected when Browsing the GDC. No Personally Identifiable Information (PII) is collected. This data is used to monitor the health and growth of the system and comply with security and auditing best practices. The GDC Team conducts analyses and generates reports with this information, which are shared only with GDC Team Members, NIH Senior Staff, and members of the NIH Communications Team who require this information to perform their duties.

The GDC uses the GDC Support email at supportatnci-gdc.datacommons.io to collect the information in the bulleted list in the Information Collected when Submitting a Support Request section. Information collected is maintained in the GDC Help Desk System. The GDC uses the information to provide users with assistance and improve the GDC. These support facilities require the collection of PII so that GDC Team Members can correspond directly with users to provide assistance.

The GDC retains the data from web analytics reporting tools and support requests as long as needed to support the mission of the GDC.

How the GDC Uses Cookies

The Office of Management and Budget Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies allows Federal agencies to use session and persistent cookies.

When you visit any Web site, its server may generate a piece of text known as a "cookie" to place on your computer. The cookie allows the server to "remember" specific information about your visit while you are connected.

The cookie makes it easier for you to use the dynamic features of Web pages. Cookies from GDC Web pages only collect information about your browser’s visit to the site; they do not collect personal information about you.

There are two types of cookies, single session (temporary), and multi-session (persistent). Session cookies last only as long as your Web browser is open. Once you close your browser, the cookie disappears. Persistent cookies are stored on your computer for longer periods.

Session Cookies

We use session cookies for technical purposes such as to enable better navigation through our site. These cookies let our server know that you are continuing a visit to our site. The OMB Memo 10-22 Guidance defines our use of session cookies as "Usage Tier 1 — Single Session.” The policy says, "This tier encompasses any use of single session web measurement and customization technologies."

Persistent Cookies

We use persistent cookies to enable web analytics reporting tools to differentiate between new and returning GDC visitors. Persistent cookies remain on your computer between visits to the GDC until they expire. The OMB Memo 10-22 Guidance defines our use of persistent cookies as "Usage Tier 2 — Multi-session without Personally Identifiable Information (PII).” The policy says, "This tier encompasses any use of multi-session Web measurement and customization technologies when no PII is collected."

How to Opt Out to Disable Cookies

If you do not wish to have session or persistent cookies placed on your computer, you can disable them using your Web browser. If you opt out of cookies, you will still have access to all information and resources at the GDC. Instructions for disabling or opting out of cookies in the most popular browsers are located at http://www.usa.gov/optout_instructions.shtml. Please note that by following the instructions to opt-out of cookies, you will disable cookies from all sources, not just those from the GDC.

How Personal Information is Protected

You do not have to give us personal information to visit the GDC. However, if you choose to submit support requests, we collect your email address to allow us to respond to your request. If you choose to provide us with personally identifiable information, that is, information that is personal in nature and which may be used to identify you, through an e-mail message or electronic form, we will maintain the information you provide only as long as needed. If we store your personal information in a record system designed to retrieve information about you by personal identifier (name, personal email address, personal or mobile phone number, etc.), so that we may contact you, we will safeguard the information you provide to us in accordance with the Privacy Act of 1974, as amended (5 U.S.C. Section 552a). If the GDC operates a record system designed to retrieve information about you in order to accomplish its mission, a Privacy Act Notification Statement should be prominently and conspicuously displayed on the public-facing website or form which asks you to provide personally identifiable information. The notice must address the following five criteria:

  • Legal authorization to collect information about you
  • Purpose of the information collection
  • Routine uses for disclosure of information outside of the GDC
  • Whether the request made of you is voluntary or mandatory under law
  • Effects of non-disclosure if you choose to not provide the requested information

For further information about the GDC privacy policy, please contact GDC Support at supportatnci-gdc.datacommons.io.

Data Safeguarding and Privacy

The GDC uses web measurement and customization technologies to help our Web sites function better for visitors and to better understand how the public uses the online resources we provide. All uses of web-based technologies comply with existing policies with respect to privacy and data safeguarding standards. Information Technology (IT) systems owned and operated by the GDC are assessed using Privacy Impact Assessments (PIAs) posted for public view on the Department of Health and Human Services (DHHS) Web site at http://www.hhs.gov/pia/. NIH conducts and publishes a PIA for each use of a third-party website and application (TPWA) as they may have a different functionality or practice. TPWA PIAs are posted for public view on the DHHS Web site at http://www.hhs.gov/pia/#Third-Party.

Groups of records that contain information about an individual and are designed to be retrieved by the individual’s name or other personal identifier linked to the individual are covered by the Privacy Act of 1974, as amended (5 U.S.C. Section 552a). For these records, NIH Systems of Record Notices are published in the Federal Register and posted on the NIH Senior Official for Privacy Website. When you visit the NIH Institute/Center sites, please look for the Privacy Notice posted on the main pages. When web measurement and customization technologies are used, the Privacy Policy/Notice must provide:

  • Purpose of the web measurement and/or customization technology
  • Usage tier, session type, and technology used
  • Nature of the information collected
  • Purpose and use of the information
  • Whether and to whom the information will be disclosed
  • Privacy safeguards applied to the information
  • Data retention policy for the information
  • Whether the technology is enabled by default or not and why
  • How to opt-out of the web measurement/customization technology
  • Statement that opting-out still permits users to access comparable information or services
  • Identities of all third-party vendors involved in the measurement and customization process

Data Retention and Access Limits

The GDC will retain data collected using the following technologies long enough to achieve the specified objective for which they were collected. The data generated from these activities falls under the National Archives and Records Administration (NARA) General Records Schedule (GRS) 20-item IC 'Electronic Records, and will be handled per the requirements of that schedule.

How the GDC uses Third-Party Web sites and Applications

As part of the OMB Memo M-10-06, Open Government Directive, the GDC uses a variety of new technologies and social media options to communicate and interact with citizens. These sites and applications include popular social networking and media sites, open source software communities and more. TPWAs are Web-based technologies that are not exclusively operated or controlled by the GDC, such as applications not hosted on a.gov domain or those that are embedded on GDC Web pages. Users of TPWAs often share information with the general public, user community, and/or the third-party operating the Web site. These actors may use this information in a variety of ways. TPWAs could cause PII to become available or accessible to the GDC and the public, regardless of whether the information is explicitly solicited or collected by NIH.

The following list includes some of the TPWAs we use and their purpose. The GDC sometimes collects and uses PII made available through third-party Web sites. However, we do not share PII made available through third-party Web sites. Your activity on the third-party Web sites we use is governed by the security and privacy policy of those sites, which we have linked below. You should review the third-party privacy policies before using the sites and ensure that you understand how your information may be used. If you have an account with a third-party Web site, and choose to follow, like, friend, or comment, certain PII associated with your account may be made available to the GDC based on the privacy policy of the third-party Web site and your privacy settings within that third-party Web site. Therefore, you should also adjust privacy settings on your account to match your preferences.

For any GDC TPWA that collects PII, the list below also includes details on the information the GDC collects and how we will protect your private information.

Third-Party Web Sites and Applications

Bit.ly - The GDC uses Bit.ly to shorten long URLs for use in email messages, Twitter feeds and on Facebook pages. Bit.ly collects and provides data on how often you as an email recipient or Facebook/Twitter user, click on the shortened URLs distributed by NIH staff. Bit.ly analytics show how many people clicked on the URLs posted by NIH, compared to the total number of clicks on the shortened URLs. Bit.ly analytics do not provide any PII about the visitors who open the shortened links. The Bit.ly Privacy Policy is available at http://bit.ly/pages/privacy.

Twitter - The GDC uses Twitter to send short messages or ‘Tweets’ (up to 140 characters) to share information about the GDC with you. While you may read the GDC Twitter feeds without subscribing to them, if you want to subscribe to (or follow) GDC Twitter feeds, you must create a Twitter account at www.twitter.com. To create an account, you must provide some personal information, such as your name, user name, password and email address. You have the option to provide additional personal information including a short biography, location or a picture. Most information you provide for a Twitter account is available to the public, but you can modify how much of your information is visible by changing your privacy settings at the Twitter.com Web site. GDC Team Members monitor the number of subscribers and view comments and queries via Twitter, but the team members never takes possession of the personal information belonging to you as a Twitter follower. However, as a practice, comment moderator policy requires the removal from the GDC Twitter pages of any comments that contain spam or are improper, inflammatory, or offensive. The information is then saved on a password-protected shared drive accessible to GDC Managers, System Owners, Communications Staff, Web Teams, and other designated staff who require this information to perform their duties. The Twitter Privacy Policy is available at http://twitter.com/privacy.

YouTube - The GDC uses YouTube to host informational videos on the GDC. NIH conducts and publishes a Privacy Impact Assessment (PIA) for each use of a third-party website as they may have a different functionality or practice. To learn more, visit the published PIAs at http://www.hhs.gov/pia/#Third-Party.

For more information on the uses of social and new media for which GSA has negotiated a federally-friendly Terms of Service Agreement, visit DigitalGov at http://www.digitalgov.gov/resources/negotiated-terms-of-service-agreements/.

For further information about the GDC privacy policy, please contact GDC Support at: supportatnci-gdc.datacommons.io. For information about the NIH privacy policy, please contact the NIH Senior Official for Privacy at privacyatmail.nih.gov (link sends e-mail); call 301-451-3426 or visit https://oma.od.nih.gov/DMS/Pages/Privacy-Program.aspx.