This privacy statement describes how Michigan State University handles your personal information when you use Humanities Commons. In this document, we provide detail on how we handle account creation and log-in information, the information we collect, our records retention practices, and your rights related to your personal data.
Introduction
Michigan State University (“we,” “us,” “our,” or “MSU”) appreciates the importance of your privacy. We are committed to transparency and disclosure of the ways we gather and use personal and nonpersonal information on Humanities Commons.
This privacy statement (this “Privacy Statement”), along with the Terms of Use and Guidelines for Use, constitutes the agreement (the “Agreement”) between us and you regarding your use of Humanities Commons and its connected services, including but not limited to the Commons Open Repository Exchange (collectively, “Humanities Commons,” the “Commons” or the “Network”).
This Privacy Statement describes how we collect and use your information in connection with the Commons and the choices you can make regarding your information. Our goal is to be minimally intrusive while providing a robust environment for open scholarly exchange. As a result, much of the information you share and your activity on the Commons may be seen by any visitor to the Network, whether or not the visitor is a registered user of the Network or a member of a participating organization that sponsors the Network (each a “Participating Organization”). Our goal is to be clear about how we use the personal and nonpersonal information you provide through the Network.
We may modify this Privacy Statement, along with the rest of the Agreement, in our sole discretion. We will take reasonable steps to notify you of any changes to this Privacy Statement in a manner commensurate with the nature of the changes; however, we urge you to review this Privacy Statement periodically.
1. CONSENT
When you submit information to MSU by using or visiting Humanities Commons, you consent to the collection, use and disclosure of that information as described in this Privacy Statement.
2. LOCATION OF SERVERS AND TRANSFER OF INFORMATION: SPECIAL ALERT TO NON–UNITED STATES USERS
a. General
Our servers are located in the United States. We strive to be fully compliant with international privacy laws. If you are located outside the United States, be aware that the information you provide us will be transferred to the United States and that the law applicable to the protection of personal and other information in the United States may be different from the laws of your jurisdiction.
b. Rights for Data Subjects in the European Union
If you provide information to the Commons from a location in the European Union, you consent to the transfer of your personal information outside the European Union to the United States.
To the extent applicable, the European Union’s General Data Protection Regulation (GDPR) grants data subjects in the European Union the right, in certain circumstances, to request access to, a copy of, rectification, restriction in the use of or erasure of your information. Your requests pursuant to the GDPR will be subject to the retention periods of applicable federal and state law. The GDPR provides further information about your rights. You also have the right to lodge complaints with your national or regional data protection authority. If you are inclined to exercise rights under the GDPR, please contact us electronically or by mail sent to the address provided in section 11 below.
If you provide information to the Commons from a location in the European Union, and you withdraw your consent under section 1 and/or this section 2 at any time, then MSU will not permit you to use the Network after such time.
3. User Information
In this Privacy Statement, the personal information you provide to the Commons when you create and use an account, including information about your activity on the Network that we record, is referred to as “User Information.”
a. Account Creation and Authentication
To create an account on the Commons, you must provide us with information that verifies your identity and handles your log-in process. That verification and log-in process can be managed by a trusted source such as your university or a social identity provider such as Google or Twitter, or you can provide the information directly to our servers. We then use that information to determine the areas within the Network to which you should be provided access. In what follows, we describe each of those scenarios, and how we use the information that we receive. No other user information sent by an identity provider will be collected or stored during the authentication process.
i. Google. When you use Google to create and authenticate your account, the log-in process takes place on Google’s servers. MSU receives the following information:
- Your unique Google identifier, a string of digits that identifies your account
- Your e-mail address or addresses known by Google
- Whether your e-mail address or addresses have been verified by Google
That information is recorded in our user database, but only your Google identifier is used to connect to your account. Google may send additional information, including your Google profile URL, your profile picture, and your name; this information is not recorded and is not used by MSU.
ii. Twitter. When you use Twitter to create and authenticate your account, the log-in process takes place on Twitter’s servers. MSU receives the following information:
- Your unique Twitter identifier, a string of digits that identifies your account
- Your Twitter screen name
Your Twitter identifier is recorded in our user database and is used to connect to your account. Your screen name is not recorded and is not used by MSU.
iii. Your University. When you use your institution’s identity provision service to create and authenticate your account, the log-in process takes place on your institution’s servers. Institutional identity providers federate with MSU through their membership in InCommon and eduGAIN. MSU, as a registrant in the REFEDs Research and Scholarship Entity Category, receives the following information:
- Your shared user identifier
- Your name
- Your e-mail address
Your Participating Organization may additionally send your affiliation (i.e., staff, student, faculty member) to MSU. Your shared user identifier is recorded in our user database and is used to connect to your account. Your name and e-mail address are not recorded and are not used by MSU.
iv. Our Servers. When you opt to create a log-in identity on MSU’s servers in order to create and authenticate your Commons account, we require you to give us the following information:
- A username
- Your e-mail address
- A password
Your username is recorded in our user database and is used to connect to your account. We store your username and password to authenticate the account, and we store your e-mail address to allow you to reset your password.
b. Participating Organization Membership
When you register (and periodically thereafter), we will check to see if you have a membership in a Participating Organization by searching for your e-mail address in its membership database. If you are a member of a Participating Organization, MSU may retrieve the following information from your Participating Organization membership record:
- Your full name
- Your member number or ID
- Your position and institutional affiliation, if any
- Your e-mail address
- Your membership in any official Participating Organization groups
- The expiration date of your membership with a Participating Organization
- Your ORCID identifier
If this information is retrieved, we will use your full name associated with your membership in a Participating Organization to create your account, and your full name, position, and institutional affiliation, if any, will be made publicly visible on your account profile (“Profile”). Information about your membership in any official Participating Organization groups will be used to automatically place you into the associated groups on the Network. Except as provided in this Privacy Statement, the rest of the information taken from your Participating Organization membership record is used only for our authentication, debugging, and other internal purposes and will not be shared with any third parties.
c. Your Profile and Activity
The Commons is a professional scholarly network designed to promote collaboration and discussion among scholars, students, and practitioners in humanities fields, as well as dissemination of users’ work to the broader intellectual community online, and as such, it counts openness among its primary values. The purpose of MSU’s collection of User Information is to operate the Network and allow Network users to connect and interact with one another. As a result, much of your activity and communication that takes place within the Commons is openly visible to any visitor to the Network, whether or not the visitor is a member of a Participating Organization or is logged in, and is likewise visible to search engines. This section describes how certain User Information will be made available on the Commons.
i. Profile and Activity Information.
You may choose to provide information to complete additional fields in your Profile. Any such User Information you volunteer for your Profile, such as your photo, your professional history, your Twitter username, your ORCID identifier, your interests, status updates, and your Web site URL, will also be visible to any visitor to the Network, whether or not the visitor is a Network user or is logged in. If you do not wish to share this User Information, do not add it to your Profile. Please do not post any personal identification numbers or other private information not required for registering for or using the Network.
Similarly, except as specifically described below, all of your activity on the Network will be viewable by any visitor to the Commons, including through your Profile, whether or not the visitor is a Network user or is logged in.
ii. Private Activities.
Limited portions of your activities on the Network are private. Your activity in these sections will not be publicly visible in your Profile, and only certain other Commons users, as described below, will be able to see this activity.
(a) Private and Hidden Groups. The Network allows Commons users to create private and hidden groups, in addition to public groups. All Network visitors can see that a private group exists, and a user’s membership in private groups is visible in their Profile, but only Commons users who have been permitted to join a private group by the administrator of the group will be able to see other users’ activity in the private group. Hidden groups are similar, except that only users who have been invited to join the group can see that the hidden group exists, and a user’s membership in hidden groups is not visible in their Profile.
(b) Restricted Sites. The Network allows users to restrict access to sites they have created or administer; only those users identified by the site administrator will be able to see the content posted on the sites, though the administration of the site will be visible in the administrator’s Profile.
(c) Private Messages. The Network allows users to send private messages to one another; these messages and the fact that users have sent or received them will not be viewable by anyone except the sender and the recipient.
If you create a site or group on the Commons, that space is still subject to the policies and guidelines that govern the Network as a whole, and you as owner/moderator are responsible for complying with relevant policies, including policies related to visitors’ personal data.
d. Network Communications
We may use your User Information to send you important messages about the Network through e-mail or through other means available through the Commons. For example, we may send you important messages about the operation of the Commons (e.g., if we add or change Network functionality or change our Terms of Use or this Privacy Statement). Other e-mail preferences can be set in your Profile.
4. Collected Information
In the normal operation of the Commons, the Network collects certain information from visitors whether or not they are logged in. Additionally, visitors may voluntarily provide information to sites within the Network whether or not they are logged in. In this Privacy Statement, we refer to both forms as “Collected Information;” this section describes what we collect and the ways we store and use it.
Collected Information (including, without limitation, nonpersonal data) may be used to provide or support Network services as follows.
a. Cookies
Like most Web sites, the Commons uses cookies and may use other technology that obtains nonpersonal data from visitors. For instance, we use cookies during the registration and log-in processes or to remember certain preferences. This data may include browser type, IP address, language preference, referring site, and the date and time of each visitor request. You can remove or block cookies using the settings in your browser, though doing so may affect your ability to use the Network.
b. Analytics
While we use Google Analytics to assess aggregate statistics about the Network’s traffic, we do not enable Google Analytics to record IP addresses or other identifying personal information from visitors.
c. Nonpersonal Data
We may use nonpersonal data to help diagnose and repair issues with your use of the Network, administer the Network, monitor Network usage, provide customization options, understand how our visitors use the Commons, make decisions about how to change and adapt the Network, and create anonymous Network statistics. From time to time, we may release nonpersonal data in aggregate form (for instance, by publishing trends in Network usage). We will not release individual information, only aggregate information.
d. Logs
Our server logs record information about visits to the site, which we keep for a period of time in case we need to investigate an error, help a user fix a problem, or review how the site is being used. These logs are retained in accordance with our data retention policy (see below).
e. Users’ Sites on the Commons
Sites created by Users may include embedded content or use plug-ins that may collect personal data of visitors. Please be aware, when you visit such a site, that your personal data could be collected in one of the following ways:
- Comments: When visitors who are not logged in leave a comment on a site, the IP address and browser are recorded in order to counteract spam. In addition, personal information like name and e-mail address submitted in comment form will be collected.
- Contact form: Users shall specify in any contact form how the personal information entered will be used.
- Embedded content: A site may embed content from other Web sites. Such embedded content (which could include a tweet or YouTube video) may allow that other Web site to collect data about you through cookies or other tracking methods.
- Plug-ins: While we aim to limit the availability of plug-ins that send data to third-parties, some plug-ins collect personal data.
5. Sharing Information with Third Parties
MSU takes the privacy of users very seriously, and we do not sell, rent, or otherwise provide your User Information or Collected Information to third parties, except as described in this Privacy Statement, unless disclosure is reasonably necessary in our opinion to (1) comply with legal process, including, but not limited to, civil and criminal subpoenas, court orders, or other compulsory disclosures; (2) enforce this Agreement; (3) respond to claims of a violation of the rights of third parties; (4) respond to customer service inquiries; or (5) protect the rights, property, or personal safety of MSU, its trustees, employees, officers, our users, or the public.
MSU uses third-party service providers (“Service Providers”) to provide certain services, such as hosting, which are necessary for the Network’s operations. We also use Service Providers to enhance the experience of Network users, by, for example, providing integrations with services for discovering and disseminating scholarly work. We will take reasonable measures to ensure that these Service Providers will access and use User Information only for the purpose of providing services to MSU or on our behalf. (See section 9, “Security,” below.)
In the event that the governance or operation of the Commons changes, such that MSU is no longer the data controller for the Commons (for instance, if the Commons becomes an independent not-for-profit organization or its administration is transferred to another entity or institution), control of your data would be transferred to that entity. We would inform you of such a change in governance or operations, and this Privacy Statement would be revised accordingly.
6. Your Choices and Rights
By using the Network and providing User Information to us, you expressly and voluntarily accept the terms and conditions of this Privacy Statement and the Agreement of which it is a part. Providing your information to MSU is entirely voluntary. If you no longer wish to share your User Information, you can revise your Profile or close your account, as described in this section. However, you cannot change how your nonprivate activity on the Commons is shared, except by closing your account.
a. Accessing and Changing Your Profile Information
You can review the information you provided for your Profile and make changes to that information at any time by clicking on the “Edit My Profile” link on your Profile or in the navigation bar drop-down menu below your name in the top right corner of every page of the Site. After your change is processed, MSU may retain residual copies of the old information in its backup and archival copies of its database for a limited period of time.
b. Correcting Your Personal Data
If you believe that other personal data of yours are inaccurate or incomplete in our records, please contact us and we will correct it.
c. Changing Your E-mail Preferences
You can control the e-mails you receive by selecting your preferences on the E-mail page of your Settings.
d. Requesting Your Data
You have the right to request a copy of your personal data. To do so, contact us in writing (or by mail at the address below). Please make clear that you are requesting a copy of your personal data. You may need to prove your identity with an e-mail confirmation or otherwise verify your identity. We will provide the data in a structured, commonly used, and machine-readable format.
e. Closing Your Account
If you wish to close your account, please contact us. We will delete or anonymize all information associated with your account in a timely matter, so long as there is no legal obligation to retain it for longer. You may need to prove your identity with an e-mail confirmation or otherwise verify your identity.
Please note that, to maintain the continuity and integrity of the discussions, groups, and other interactive features on the Commons, your submissions to those sections will not be removed in connection with the closing of your account, though your identifying User Information will be removed from them. If you ever wish to use the social-networking features of the Network again, you will need to resubmit all information associated with your account and reestablish all connections with other users.
f. Right to Erasure
Other visitors may request we erase their personal data by contacting us in writing. We will delete or anonymize all personal data in a timely matter, so long as there is no legal obligation to retain it for longer. You may need to verify your identity.
g. Right to File a Complaint
We hope you will contact us with any questions or complaints in relation to how we process your personal data. However, you do have the right to contact the relevant supervisory authority directly.
7. Links to Third-Party Web Sites
The Network may contain links to Web sites controlled by third parties (“Third-Party Web Sites”), whether provided by us or by other users. If you follow any link to a Third-Party Web Site, you should review that site’s terms of use and privacy policy to find out how the site treats the information you provide it. We are not responsible for Third-Party Web Sites or their privacy practices.
8. Records Retention
We will keep your personal data for as long as you have an account open, or as required to comply with legal processes. Typically, we retain web server logs that record information about visitors for three months.
9. Security
We will take reasonable measures to protect the integrity of private communications on the Network and to protect against loss, corruption, and alteration of the information on the Network. However, even protected sites can be subject to hacking, technological glitches, user misconduct, and administrative errors, and we assume no liability for any of these actions or occurrences or their results.
10. Children under Age Thirteen
The Network is not intended for use by children under the age of thirteen. By using the Network, you represent to us that you are at least thirteen years old. If you are not at least thirteen years old, you may not use the Network. We do not knowingly collect personally identifiable information from children under the age of thirteen. If we learn that we have inadvertently collected any personally identifiable information from a child under the age of thirteen, we will delete that information. If you are a parent or guardian and you believe that your child under age thirteen may have provided personally identifiable information through the Network, please contact us.
11. Contact Us
If you have any questions about this Privacy Statement, the practices of MSU, or your dealings with the Commons, you can contact us electronically, or by mail at the following address:
Kathleen Fitzpatrick
479 W. Circle Drive
East Lansing, MI 48824