Updated: May 22, 2018

This Privacy Notice explains how Freunde von GISAID e.V. ("GISAID") collects, uses, shares and otherwise processes your personal data collected on our website, mobile apps, user alerts and other communication services (the “Services”). The processing of personal data are addressed in the GISAID EpiFlu™ Database Access Agreement. We may provide supplemental privacy notices on specific occasions when we are collecting or processing personal data about you. Those supplemental notices should be read together with this Privacy Notice.

As a condition of registration and use of the GISAID Database, GISAID will collect contact information, such as your name, employer or affiliation, work address, email address and phone numbers (collectively, "Contact Information") to facilitate communication with you.

Our systems may also collect information about your browser or mobile device automatically. We may use cookies, web beacons, and similar devices to help us understand your activity on our Services, as well as email communications. Data we collect automatically includes the type of web browser or mobile device you you’re your operating system, your IP address, and general geographical location.

We will use your personal data for the following purposes: 

• To inform you about new legal and policy developments, relevant information in the research community we serve.
• To promote collaboration and facilitate proper acknowledgment, to disclose only your name and employer or affiliation to authorized users of the Database.
• To disclose your Contact Information to third party service providers with whom GISAID has entered confidentiality agreements for the sole purpose of administering the GISAID Database.

Please note that we may use or disclose personal data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.

We may share your information in the following circumstance: 

• Other GISAID Offices: For users residing in the EU, these offices may be in countries that offer a lower level of privacy protection than your home country. We have put into place contractual safeguards approved by the European Commission to protect your information. 
• Service Providers: We may share your information with entities that provide services to us, including companies that provide web analytics, email distribution. These entities are limited in their ability to use your information for purposes other than providing services for GISAID Service Providers: 
• Other Parties When Required by Law or as Necessary to Protect Our Services: GISAID will not disclose your Contact Information to any other third party except as required by applicable law, for example there may be instances when we disclose your information to legal advisors and public authorities, such as court and law enforcement agencies.

Some of the content, functionality, and services on the Services may be provided by third parties that are not affiliated with GISAID. For example, we enable you to link to services such as Twitter. These third parties may collect or receive certain information about your use of the Services, including through the use of cookies, web beacons, and similar technologies. These entities may collect this information over time and combined with information collected from different websites and online services. We are not responsible for the privacy practices of these entities.

We do not knowingly collect or store personally identifiable information about children under the age of 16, unless permitted by law. If we learn that we have collected personally identifiable information from a child under age 16, we will delete that information from our database.

Legal Grounds. We will process your personal data only (1) with your consent; (2) to perform a contract between you and GISAID; (3) to comply with a legal obligation; or (4) where we have a legitimate interest to do so, balancing this interest against your interests and fundamental rights. These legitimate interests are administrative functions within GISAID, and complying with your requests for information.

Access, Correction and Deletion. If you reside in the EU, you may exercise your Personal Data rights under GDPR through the contact information shared below. Specifically you have the following rights subject to the exceptions allowed by law:

• To access your information 
• To rectify or update your information 
• To erase your information, subject to our need to retain certain information for legal or other purposes 
• To receive a copy of your information 
• To object to or restrict its processing 

We use physical, technical and administrative measures to protect your information against loss, theft and unauthorized use, disclosure or modification. While we strive to protect the information we maintain, we cannot ensure or warrant the security of any information that you transmit to us since no method of data transmission or storage is 100% secure. 

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. To determine the appropriate retention period for your personal data, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your it and whether we can achieve those purposes through other means, and the applicable legal requirements In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case it is no longer personal data.  Upon expiration of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations. 

We may update this Privacy Notice at any time, and we will make an updated copy of any such Privacy Notice available on our website.

Should you have any questions about this Privacy Notice or inquiries regarding your personal data rights you can contact us at privacy(at)gisaid.org or at the address below.

Freunde von GISAID e.V.
Attn: Privacy Officer
Lipowskystrasse 10
81373 Munich | Federal Republic of Germany

Users residing in the European Economic Area have a right to lodge a complaint to the supervisory authority for data protection in their country.