This Privacy Statement applies to the websites (“Websites”) owned and operated by Arbor Research Collaborative for Health (referred to as “Arbor Research,” “us,” “our” and “we”).

This Privacy Statement describes how Arbor Research collects and uses the personal information you provide through our Websites. It also describes the choices available to you regarding the use of your personal information and how you can access, update, and correct your personal information.

By using our Websites, and/or by permitting the deposit of your personal information through our Contact forms, you agree to the terms of this Privacy Statement, including the transfer of personally identifiable information to the United States or another jurisdiction whose privacy laws may be different from those in your country.

Information we collect and how we collect it

Information you give us
You can examine our Websites without providing any personal information. Our Websites’ Contact forms require users to directly give us personal information. The information is only used to respond to those who inquire about our services regarding data sharing requests, publications, presentations or career opportunities. We make every effort to keep our records accurate.

Personal Information We Collect About You. We may collect and use the following personal information, including sensitive personal information, that identifies, relates to, describes, is reasonable capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name or other similar identifiers). Professional or employment-related information.

We will make appropriate changes when you notify us. If you want to view, update, or delete the information we have about you, please contact the Privacy Officer under the Questions or concerns section below.

How and Why We Use Your Personal Information. Under data protection laws, we can only use your personal information if we have a proper reason for doing so, for example:

  • To comply with our legal and regulatory obligations
  • For our legitimate interests or those of a third party –or–
  • Where you have given consent

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. For example:  to minimize fraud that could be damaging for us and for you;  to make sure we are following our own internal procedures so we can deliver the best service to you; to protect trade secrets and other commercially valuable information;  to prevent and detect criminal activity that could be damaging for us and for you;  to maintain our accreditations so we can demonstrate that we operate in accordance with the highest industry standards.

How Long Your Personal Information Will Be Kept. We will keep your personal information while you have an account with us or while we are providing products and /or services to you. Thereafter, we will keep your personal information for as long as is necessary:

  • To respond to any questions, complaints or claims made by you or on your behalf
  • To show that we treated you fairly –or–
  • To keep records required by law

We will not retain your personal information for longer than necessary for the purposes set out in this policy. When it is no longer necessary to retain your personal information, we will delete or anonymize/de-identify it.

By using our Websites, or permitting the deposit of personal information on or through the Contact Forms, you agree that (I) your personal information may be transferred to our facilities and affiliates and those of the third parties with whom we share it as described in this Privacy Statement and (ii) any claims of any kind that you have regarding this Privacy Statement and our use and sharing of data shall be resolved in accordance with the procedures set forth in Enforcement and Governing Law section.

Information from cookies and other tracking technologies
We will collect information about your use of the Websites. We do this for a variety of reasons, including to help identify and block some spammers, and also to monitor traffic on the Websites. When a visitor accesses our Websites, we collect certain information using web analytics tools, including details about the users, such as the visitor’s IP address, the type and version of the Internet browser that is being used, the site from which the visitor accesses our Websites, the type of device being used (e.g. computer, smart phone, tablet), or the screen resolution; and details about usage, including page traffic. We may combine this automatically collected log information to other information we collect about you. Our Websites do not overtly capture information regarding specific activities of any particular user. We do not have any arrangements with any other sites to track and monitor user activities.

Cookies

Login not required
When no login is required, no cookies (session or persistent) are used on any Arbor Research Website.

Login required
For user-authenticated sessions, our Websites set session cookies to facilitate authentication functionality and enhance the user experience. These cookies are set in memory on our servers but are not permanently stored, and are usually removed from memory within 24 hours. No persistent cookies are used.

Government data requests
If we are required by law, public safety, or public policy, or we are served with a warrant, court order, or subpoena, we may provide your information to regulators, enforcement agents, courts and/or other government entities. To protect the privacy interests of our users, we will provide only such data as we deem necessary in the situation. To the extent allowed, we will promptly provide information about any government data requests received and accounts affected to the relevant person.

Marketing
We do not share your information or sell your information to marketers, advertisers or other entities.

Vendors
We may share your information with agents or contractors (for example, a vendor may host Arbor Research’s servers, or an Arbor Research contractor may need to check Records for inconsistencies), but only on a “need to know” basis to help us operate Arbor Research and the Websites, and only if the vendor agrees to maintain the confidentiality and security of your information and not to use it for other purposes. These companies are authorized to use your personally identifiable information only as necessary to provide these services to us.

Security
Our Websites are protected with a variety of security measures such as change control procedures, passwords, physical access controls, and industry-standard encryption techniques where appropriate. We also employ a variety of other mechanisms to ensure that data you provide is not lost, misused, or altered in appropriately. These controls include data confidentiality policies and regular database backups.

Third-party links
Our Websites may contain links to and from sites maintained by third parties. This Privacy Statement does not cover your activities on those sites, any information you may provide to those sites, or information that may be collected about you by those sites.

Children’s privacy
Arbor Research provides general audience Websites and does not offer services directed to children. Should a child whom we know to be under the age of 13 sends personal information to us, we will delete that information immediately. Parents may also contact us as indicated in the Questions or concerns section to request removal of any personal information about a minor.

Your opt-in and opt-out of newsletters
If you are currently on a Newsletter list of ours and wish to be removed, please contact us as indicated under  Questions or concerns  or use the unsubscribe link provided in the received email.

International data transfer
Note that we may store and process personal information on servers located outside of the country where you originally deposited the data. The data protection laws of the country or countries where this personal information will be stored or processed might not be as comprehensive as those in your country. Regardless of where we store and process data, we take steps to protect your information, consistent with the principles set forth in this Privacy Statement.

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We continually test our systems which means we follow top industry standards for information security. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Additionally, we have thoroughly reviewed our privacy practices and procedures within the European General Data Protection Regulation (GDPR).

As a nonprofit organization, we are not subject to the jurisdiction of the United State Federal Trade Commission, which oversees the implementation of the Data Privacy Framework. Consequently, Arbor Research cannot self-certify compliance.

Enforcement and arbitration; Governing law
If you have any concerns or claims with respect to our Privacy Statement, please contact us as indicated under Questions or Concerns. We will investigate and attempt to resolve any complaints and disputes regarding our use and disclosure of personal information.

If you are not able to resolve your concerns through Arbor Research’s internal mechanism, arbitration as set forth in this paragraph will be your final and exclusive recourse for dispute resolution. If arbitration is necessary, it will be conducted by telephone and email, and if it must be done in person, it will be conducted in Ann Arbor, Michigan, and by using our Websites, you consent to such jurisdiction. The arbitration will be conducted by one arbitrator who is a member of the American Arbitration Association, and under the rules of commercial arbitration of the American Arbitration Association. Both parties will bear equally the cost of arbitration (exclusive of legal fees and expenses). All decisions of the arbitrator(s) will be final and binding on both parties and enforceable in any court of competent jurisdiction.

This Privacy Statement is governed by and any disputes shall be resolved under the laws of the State of Michigan (United States), without giving effect to its conflict of laws principles.

Changes to this statement
We may change our Privacy Statement from time to time. We will post any changes to this Privacy Statement on this page. Your continued use of the Websites will be deemed conclusive acceptance of modifications. Please check this Privacy Statement from time to time for changes. We will not reduce your rights under this Privacy Statement with respect to data previously deposited without your consent.

Questions or concerns
If you have any additional questions or concerns about this Privacy Statement or our practices, please contact by email or by writing to:

Privacy officer
Arbor Research Collaborative for Health
3989 Research Park Dr
Ann Arbor, MI 48108 USA
privacy@arborresearch.org

©2023 Arbor Research Collaborative for Health. All rights reserved.