Privacy Policy
Protecting your privacy is very important to us. Our Web site links to other National Institutes of Health (NIH) sites, federal agency sites, and private organizations. Once you leave the primary IDC site, you are subject to the privacy policy for the site(s) you are visiting. In addition to name and email address, we collect some data about your visit to our Web site to help us better understand how the public uses the site and how to make it more helpful. We collect information from visitors who read, browse, and/or download information from our Web site. We never collect information for commercial marketing or any purpose unrelated to the IDC mission and goals.
Types of Information Collected
When you browse through any Web site, certain information about your visit can be collected. We automatically collect and store the following type of information about your visit:
- Domain from which you access the Internet
- IP address (an IP address is a number that is automatically assigned to a computer when surfing the Web)
- Operating system and information about the browser used when visiting the site
- Date and time of your visit
- Pages you visited
- Address of the Web site that connected you to the IDC site (such as google.com or bing.com)
- Email address associated to your Google Account
- Name (as available in your Google Account profile)
- Information about what datasets are visited, linked to the IP address used to visit it
- Information about the datasets that were accessed from Google Cloud Storage requester pays, and the associated IP address, and Collection ID
We use this information to measure the number of visitors to our site and its various sections and datasets to help make our site more useful to visitors.
How IDC Collects Information
IDC uses Google Analytics, Google Cloud Platform StackDriver Logging, and the IDC login process to collect the information in the bulleted list in the Types of Information Collected section above. Google Analytics and StackDriver gather information automatically and continuously. No Personally Identifiable Information (PII) is collected from these two systems. When you log in to our IDC site using a Google Account or a personal email, we collect your email address and name (as stored in your Google Account profile if applicable). IDC staff conducts analyses and reports on the aggregated data, and those reports are only available to the NCI and NIH.
IDC retains the data from Google Analytics, StackDriver, and the login process as long as needed to support the mission of the IDC website and the NCI.
How IDC Uses Cookies
The Office of Management and Budget Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies (link is external) allows Federal agencies to use session and persistent cookies.
When you visit any Web site, its server may generate a piece of text known as a "cookie" to place on your computer. The cookie allows the server to "remember" specific information about your visit while you are connected.
The cookie makes it easier for you to use the dynamic features of Web pages. Cookies from IDC pages only collect information about your browser’s visit to the site; they do not collect personal information about you.
There are two types of cookies, single session (temporary), and multi-session (persistent). Session cookies last only as long as your Web browser is open. Once you close your browser, the cookie disappears. Persistent cookies are stored on your computer for longer periods.
Session Cookies
IDC uses session cookies for technical purposes such as to enable better navigation through our site. These cookies let our server know that you are continuing a visit to our site. The OMB Memo 10-22 Guidance defines our use of session cookies as "Usage Tier 1 — Single Session.” The policy says, "This tier encompasses any use of single session web measurement and customization technologies."
Persistent Cookies
IDC uses persistent cookies to enable Google Analytics to differentiate between new and returning IDC visitors. Persistent cookies remain on your computer between visits to IDC until they expire. The OMB Memo 10-22 Guidance defines our use of persistent cookies as "Usage Tier 2 — Multi-session without Personally Identifiable Information (PII).” The policy says, "This tier encompasses any use of multi-session Web measurement and customization technologies when no PII is collected."
How Personal Information Is Protected
If you choose to log in to our site with your Google Account we will receive your email address and name as listed in your Google Account profile. If you choose to make an account on our site using a personal email address, we will receive only that email address; any other profile information is optional and must be entered by you. We will maintain this information for security purposes only. We will safeguard the information you provide to us in accordance with the Privacy Act of 1974, as amended (5 U.S.C. Section 552a).
Data Safeguarding and Privacy
IDC uses web measurement and customization technologies to help our Web sites function better for visitors and to better understand how the public uses the online resources we provide. All uses of web-based technologies comply with existing policies with respect to privacy and data safeguarding standards. Information Technology (IT) systems operated by IDC are assessed using Privacy Impact Assessments (PIAs) posted for public view on the Department of Health and Human Services (DHHS) Web site (link is external). IDC conducts and publishes a PIA for each use of a third-party website and application (TPWA) as they may have a different functionality or practice. TPWA PIAs are posted for public view on the DHHS Web site (link is external).
Groups of records that contain information about an individual and are designed to be retrieved by the individual’s name or other personal identifier linked to the individual are covered by the Privacy Act of 1974, as amended (5 U.S.C. Section 552a). For these records, NIH Systems of Record Notices are published in the Federal Register and posted on the NIH Senior Official for Privacy Website (link is external). When web measurement and customization technologies are used, the Privacy Policy/Notice must provide:
- Purpose of the web measurement and/or customization technology
- Usage tier, session type, and technology used
- Nature of the information collected
- Purpose and use of the information
- Whether and to whom the information will be disclosed
- Privacy safeguards applied to the information
- Data retention policy for the information
- Whether the technology is enabled by default or not and why
- Statement that opting-out still permits users to access comparable information or services
- Identities of all third-party vendors involved in the measurement and customization process
Data Retention and Access Limits
IDC will retain data collected using the following technologies long enough to achieve the specified objective for which they were collected. The data generated from these activities falls under the National Archives and Records Administration (NARA) General Records Schedule (GRS) 20-item IC 'Electronic Records,' and will be handled per the requirements of that schedule (link is external).