Knowledgebase
1.08 LabArchives Privacy
Posted by Hannah Clark on 15 July 2019 11:06 AM

LabArchives® Privacy 

 
Online version of LabArchives® Privacy 

LAST UPDATED: June 27, 2019

At LabArchives, the security of all data is paramount. Whether it be any personal information you provide or the data you choose to store within LabArchives applications, we know that you care how it is handled. We go to great lengths to ensure that all data is secure and appreciate your trust in us to do that carefully and sensibly.

This privacy policy pertains to any data provided to us while using LabArchives websites, services, applications and within any communications to LabArchives such as email, fax and mail.

This privacy policy also does not apply to any LabArchives services that do not provide links to this policy or that have their own privacy statements.

This privacy policy does not apply completely to any data that is processed, stored, or hosted by outside vendors that LabArchives utilizes for company business processes or for special integrations with our applications used by our users. In such cases, these vendors share the responsibility of securing the data involved and have their own privacy policies. Rest assured that LabArchives does heavily scrutinize any relationships it makes with 3rd parties and requires that they too handle any data and communications securely.

WHAT INFORMATION ABOUT YOU DO WE COLLECT?

When you interact with LabArchives services, you may provide us with many types of information including:

  • Personally identifiable information and other information that you knowingly choose to disclose, which is collected on an individual basis
  • Information that may or may not include personally identifiable information that you choose to store within LabArchives services
  • General usage and statistical information which is collected on an aggregate basis as you use LabArchives services

In some cases, if you choose not to provide us with required information for the services you want to use, you may not be able to access utilize those services. Further details are provided below.

HOW AND WHY DOES LABARCHIVES COLLECT INFORMATION?

Use of LabArchives Applications

The security of data stored in the LabArchives application is a shared responsibility between LabArchives LLC (the processor of such data) and the application’s users (the controller of such data).

LabArchives LLC does configure and secure its infrastructure (firewalls, servers, storage, databases, networks, etc.). The underlying technology and mechanisms to setup, manage and secure LabArchives infrastructure is provided by Amazon Web Services (AWS) who have their own privacy policy here. LabArchives develops and secures the LabArchives web, mobile, plugin and special utility applications that run on top of the infrastructure using secure coding and testing practices. LabArchives protects notebook data stored by encrypting it at rest and transmitting it over HTTPS. No other corporate systems such as corporate email, file servers, data/contact management systems, financial systems, HR systems, etc. reside on the same network as the systems that store LabArchives notebook data and no portable storage devices are used to store any notebook data at any time.

Further, LabArchives staff does not read, classify or share any notebook data. LabArchives staff, by default, has no administrative privileges to grant or remove any access rights to/from any user’s notebook through the LabArchives application.

To create an account to access LabArchives and store data within it, LabArchives does need to collect and securely retain some personally identifiable and other information to complete that process. This may include, but is not limited to, an email addresses, name, organizational affiliations, etc. Settings in the LabArchives application allow each user to change any of the personally identifiable information related to their account that is stored in the application at any time. LabArchives does send emails that are transactional in nature related to a user account based on the user’s actions such as account activation, password reset, share/comment notifications, etc.

Users also create and use notebooks and then upload, organize and share data in LabArchives by choice. User accounts with administrative privileges are solely responsible for granting any notebook data access to other users through various methods available in the applications and services provided by LabArchives. This may involve a user providing the personally identifiable information of another person such as their email and name in order to share access to notebook data. LabArchives cannot control how any user might abuse any administrative access they have to data by granting access to any users that should not have access. In addition, LabArchives cannot control a user from performing actions with data that is beyond what LabArchives application security can control such as, but not limited to, sharing any data through downloads/screenshots/printing, sharing accounts or credentials with others, insecurely using any system or network while accessing data in LabArchives, etc.

Additionally, if applicable, LabArchives users that are site administrators for an organization have further control over their organization’s user accounts, data, access to user activities/details and the ability to control what application options are available to their users.



Requests for Product Information or Support

If you request product information or support from LabArchives, we do need to collect some personally identifiable and other information to complete the request you are making. This may include, but is not limited to, an email addresses, name, contact numbers, organizational affiliations, etc.

We do securely retain this information in applicable systems provided to us by 3rd parties such as email and communication systems, contact management systems, technical support systems and other systems.



Cookies

Cookies are used by LabArchives application and other LabArchives web services that provide product, support and other information. Cookies are small pieces of data that are stored by a user's web browser on the user's hard drive. Cookies are a feature of web browser software that allows web servers to recognize the computer used to access a website.

The LabArchives applications use “session-based” cookies which are allotted to your computer for the duration of your LabArchives session. These session cookies are deleted when you close down your browser.

Other LabArchives web services use cookies to provide functionality and collect information about how our web sites are used.

You can, of course, disable cookies on the device you are using to access our services by changing settings on your browser. However, if you choose to do this, you may be restricted from using some LabArchives services and you may receive errors/warnings about your cookie settings.



Network and Systems Logs

For auditing and administrative purposes, over 60 different actions performed when using LabArchives applications are logged including the type of action, user account information, IP, date/time and other details. The type of actions logged includes, but is not limited to, successful/unsuccessful logins, adding entries, editing entries, generating output, viewing shares of data, turning on/off functionality, etc. This activity logging is used for tracking what actions have been performed on a notebook or in the system by its users. This logging is available to users with access to such tracking, site administrators and LabArchives staff.

These application activity logs are also used for many other legitimate business reasons by LabArchives LLC including, but not limited to, providing various usage reports, monitoring for feature usage, monitoring for traffic/load/malicious patterns related to application functionality, etc.

These activity logs are securely retained and do not contain any LabArchives notebook data nor are they shared with any unaffiliated 3rd parties of LabArchives.



Application Activity Logging

For auditing and administrative purposes, over 60 different actions performed when using LabArchives applications are logged including the type of action, user account information, IP, date/time and other details. The type of actions logged includes, but is not limited to, successful/unsuccessful logins, adding entries, editing entries, generating output, viewing shares of data, turning on/off functionality, etc. This activity logging is used for tracking what actions have been performed on a notebook or in the system by its users. This logging is available to users with access to such tracking, site administrators and LabArchives staff.

These application activity logs are also used for many other legitimate business reasons by LabArchives LLC including, but not limited to, providing various usage reports, monitoring for feature usage, monitoring for traffic/load/malicious patterns related to application functionality, etc.

These activity logs are securely retained and do not contain any LabArchives notebook data nor are they shared with any unaffiliated 3rd parties of LabArchives.



Other Traffic and Performance Analytics

For the purposes of maintaining service reliability, performance levels, monitoring for malicious patterns, better understanding usage of our services and improving overall user experience, LabArchives tracks various systems analytics such as server statistics, response times, request types, error rates, heavily used links, source IPs, geographic locations, etc.

These analytics are securely retained and do not contain any LabArchives notebook data nor are they shared with any unaffiliated 3rd parties of LabArchives.



Credit Card Information

To provide secure credit card processing when ordering from us, orders placed online with us are handled and secured by a payment system managed by 3rd parties which operate under their own privacy policies. If you choose to purchase or license LabArchives services online using a credit card, credit card details and other information is sent securely to a 3rd party for processing. LabArchives does not store your credit card information, but may store the status and payment amounts of a transaction.

HOW WOULD LABARCHIVES SHARE ANY INFORMATION COLLECTED?

LabArchives shares information with your consent or to provide any services that you have requested or authorized. LabArchives and its affiliates may, from time to time, share information about other products with you and/or services that we think you may find to be of interest if you have consented to receive such information. If you wish to change the types of communications you receive from us by email, you may do so by contacting privacy@labarchives.com, or by clicking on the unsubscribe link in these types of communications.

At times, we may employ other companies and individuals to perform functions on our behalf that involve your personally identifiable information. Our employees, agents and contractors who have access to personally identifiable information are required to protect the information in a manner that is consistent with this privacy policy.

We may provide access to any personally identifiable information and/or data in the event an external agency makes a legitimate, verified legal request to access it. This would include requests resulting from, but not limited to, the receipt of a court order, warrant, subpoena or other legal process. In such cases, the owners and/or administrators of the any information or data being requested would be notified unless such notification is prohibited by law, is counterproductive or when extreme circumstances exist that involve danger of death or serious injury to anyone. When possible, external agencies would be provided access to a secondary copy of any data so that the original LabArchives data remains intact.



HOW DOES LABARCHIVES HANDLE DATA FROM THE EEA?

Additional privacy and other rights apply in the event any data comes to LabArchives LLC from the European Economic Area (“EEA”). The EEA is comprised of all European Union countries plus Norway, Iceland and Liechtenstein. Additional rights are provided by the General Data Protection Regulation (“GDPR”) which may apply to the “processor” and/or “controller” of any data from the EEA.

For the LabArchives applications which are used by users and organizations by choice to create accounts and store, organize and share data, LabArchives is the “processor” of the data while the users and organizations they are part of are the “controllers” of the data.

In the case of other systems used by LabArchives for legitimate business processes, LabArchives is the “controller” of the data while any 3rd party provider of these services is the “processor” of the data. These systems include, but are not limited to, email and communication systems, contact management systems, product support systems, accounting systems, etc. It should be noted that these systems also are provided by vendors that store the data they process in the United States. With that, if you communicate with us, ask for support, ask for product information or purchase a product, then data from such actions does leave the EEA and travel to United States.

As mentioned, the GDPR provides added rights and privileges that the controllers and/or processors must perform for data that is from the EEA. These include, but are not limited to, notifications of any breaches of security, rights to have the data controller provide information on whether their personal information is being processed, rights to have the data controller erase any personal information that is being processed, rights to have the data controller fix any incorrect personal information and rights to get any of their personal data in a machine readable format from the controller. The official details on GDPR can be found here.

VeraSafe has been appointed as LabArchives representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to privacy@labarchives.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative or via telephone at: +420 228 881 031.



HOW TO GET MORE DETAILS OR HELP WITH THE LABARCHIVES PRIVACY POLICY?

If you need further information about our privacy policy or want to take advantage of rights you may have that are described in this policy, please contact us at privacy@labarchives.com.

(2 vote(s))
Helpful
Not helpful