Last updated: March 10, 2022 (updated link to GDPR policy)
BioPortal and OntoPortal Web sites and services [“Our Sites”] that are operated by Stanford’s Center for Biomedical Informatics Research [BMIR, “us”, or “we”], as well as to any BMIR software applications that you download or instantiate for use on your own systems [“Our Applications”]. We may update this policy at any time; if we do so we will revise the date and place notices on Our Sites if changes are material. We will obtain your consent if that is required by law.
BMIR is not responsible for the content or the privacy policies of sites to which Our Sites may link.
Primary Policy for Individual in European Union
Stanford University’s EU General Data Protection Regulation Data Subjects Rights describes the personal data rights of individuals located in the European Economic Area only, whose Personal Data Stanford processes (“Data Subjects”). For those individuals, the Stanford GDPR policy takes precedence over this policy in case of any conflict.
In addition, we will attempt to follow the practices described in the Stanford Policy for any user of our site, resources permitting.
Our Sites offer a number of services that do not require you to register for an account or provide any personal information to us. In order to provide our full range of services, we may collect the following types of information:
- Personal information you provide: When you become a registered user, we ask you for personal information (such as your name, email address and an account password). If you request software, we also ask several questions to help us understand who uses our software, and to enable us to contact you regarding Our Applications’ issues and updates.
- Content that you provide, and associated metadata: When you submit content to Our Sites (ontologies, mappings, metadata templates and values, and other entries relating to existing site content), if this content is not designated as Private, we assume you wish to share it with other individuals, users of Our Sites, and the general public (according to the content’s sharing settings). We also assume you wish to share your own account name as the originator of that content, and other metadata about the content such as its creation and modification dates.
- Log information: Our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
- User communications: When you send email or other communication to Our Sites, we may retain those communications in order to process your inquiries, respond to your requests and improve our services. Any email sent to any of our support lists is maintained indefinitely for reference by future users of the support list.
- Embedded URLs: In order to provide maximum site utility, some of Our Sites may also use a tracking technique that uses embedded URLs to allow easier use of the site. Embedded URLs are visible as plain text or encoded extensions to the URL that appears in the browser address or location toolbar. This technology allows limited information to follow you as you navigate the site, but is not attached to personal data and is not used beyond the session.
- Software applications deployment information: When you download and install one of Our Applications, it may connect to a server in BMIR and communicate its current operating system (so we can notify you of appropriate upgrades) and the contact information for the administrator (so we can contact you with urgent information). Depending on your license for using the application, it may also report anonymized usage statistics like number of ontologies and number of daily users. More information about the communication of Our Applications with BMIR servers is provided with the installation documentation of each application.
We use the information we collect for the following purposes:
- Providing our services to users, including the display of public content and customized content
- Ensuring and improving the technical functioning of Our Sites and our networks
- Auditing, research and analysis in order to maintain, protect and improve our services
- Performing scientific research on provided content, so long as no private content is thereby exposed
- Notifying you of upgrades and critical information regarding your use of Our Applications
We may share certain content that you provide (such as requests for ontology changes), including metadata about that content, and your name and email as the content originator, to third party research services for them to act on that content on your behalf.
If you have an account on Our Sites, we may share your account name as an incidental part of site operations, for example to support autocompletion when one selects users with whom to share content.
For research purposes, we may share anonymized log data from Our Sites and Our Applications with collaborators, who may share this data as part of their research.
Securing Your Data
To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of information, we have put in place appropriate physical, electronic, and managerial procedures to protect the information we collect online, and to maintain the privacy of any submitted data you mark as private.