University of California San Diego (“UC San Diego”) and the Center for Microbiome Innovation (CMI) care about your privacy. Please read below to see how we use – or process — your data and how we protect your privacy. We aim to be clear when we collect your personal information and not do anything you would not reasonably expect.
Transparency Regarding the Use of Your Personal Data
UC San Diego and the CMI know you care about the privacy and confidentiality of your information. We take protecting your privacy very seriously. Please read the following to learn more about how we treat your information when you use or access UC San Diego websites, communicate with UC San Diego, participate in UC San Diego programs or activities, or as part of the CMI. UC San Diego works in a distributed information technology environment; therefore, policies and procedures for other programs/applications may vary.
These Privacy Practices do not apply to the information practices or services offered by other organizations or individuals (“Third Parties”), including service providers, advertisers, sponsors, and others linked to our website.
The CMI is an agile center administered by UC San Diego Jacobs School of Engineering.
For purposes of the General Data Protection Regulation (“GDPR”), the data controller is the Regents of the University of California, with a location at the Center for Microbiome Innovation 9500 GIlman Dr., La Jolla, CA 92093-0413.
Your Personal Data We Use
Information you provide directly to the CMI
Information you provide directly to CMI Online collects personal information about you called Personal Data. Your Personal Data is collected when you register or fill in a form through CMI Online Services, or contact CMI Online. This includes information you provide when you register for an event, subscribe to newsletters, or participate in online events. Depending upon the specific CMI Online service you use, the information you give us includes your name, address, and telephone number, e-mail address, gender, age, payment information, job title, writings, or comments on discussion forums, as well as any information about you that is associated with or linked to, or could be linked to, any of the foregoing data.
We also collect more sensitive information about you, with your explicit consent, where the processing is necessary to meet a legal or regulatory obligation, the processing is in connection with CMI establishing, exercising, or defending legal claims, the information is necessary for internal CMI reporting or is otherwise expressly permitted by GDPR. This sensitive information includes information about your racial or ethnic origin.
Log, Cookie, and Device Data
As is true of most other websites, we collect information about your device and browser whenever you interact with the CMI website. Our website may use “cookies” to enhance your experience. Your web browser places cookies on your hard drive for record-keeping purposes and sometimes to track information about you. Information may include the browser name, the type of computer, the region or location where your computer or device is accessing the internet, and technical information about your means of connection to our websites, such as the operating system and the Internet service providers utilized and other similar information. Our traffic tools log information about your browser, your IP address, the pages you visit, the duration of your visit, and the documents or forms you use or download. In addition to log and cookie data, we also collect information about the device you’re using to access the CMI, including what type of device it is, what operating system you are using, device settings, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings. For example, different types of information are available depending on whether you are using a Mac or a PC, or an iPhone or Android phone. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.
Essential cookies: These cookies are essential for enabling user movement around our website and providing access to features such as your profile and purchases, UC San Diego-only and CMI-only resources, and other secure areas of the website.
Analytics cookies: We use Google Analytics cookies to collect information about how visitors use our website. These cookies collect information in the aggregate to give us insight into how our website is being used. We anonymize IP addresses in Google Analytics, and the anonymized data is transmitted to and stored by Google on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
Marketing cookies: We also use a marketing database management program that deploys a cookie when a user interacts with a marketing communication, such as a marketing email or a marketing-based landing page on our website. This cookie collects personal information such as your name, which pages you visit on our website, your history arriving at our website, event registration purchases, and the like. Collected information is used to evaluate the effectiveness of our marketing campaigns or to provide better targeting for marketing.
Information from Other Sources
We also obtain information about you from other sources and combine that information with information we collect from you directly. For example, we collect information about you when you make a payment through our authorized payment processor, or when you post content to our pages and/or feeds on third party social media platforms. The information we obtain from other sources includes your name, address and telephone number, e-mail address, payment information, as well as any information about you that is associated with or linked to, or could be linked to, any of the foregoing data.
How We Use Your Personal Data and the Lawful Basis for Such Processing
CMI Online processes your Personal Data for the following purposes and bases:
- It is in our legitimate interest as an academic organization to:
- Understand and improve our processes
- Assess and appraise our process for evaluating CMI Online trainings
- Suggest and plan future online programming and course design at the CMI.
- Process your payments to CMI Online. This is generally required to process a transaction requested by you
- Provide you with information regarding CMI Online events and initiatives. We will generally only do this where it is in our legitimate interest and where you have not objected or withdrawn any prior consent given
- Process and deal with any complaints or inquiries made by you or legally on your behalf. We do this because it is in our legitimate interest as part of the services CMI offers to you
- CMI may also be required to disclose your Personal Data to authorities who can request this information by law that is binding on CMI
- Utilize personal data including sensitive data in connection with CMI Online Services, with your consent for internal reporting. It is in our legitimate interest as an academic organization to understand and improve digital learning and pedagogy.
In certain instances, CMI may be required to obtain your consent to collect and process your Personal Data for a specific purpose. This depends on the specific category of data collected and the intended use of the data. In these instances, the CMI Service will inform you of the specific category of Personal Data that will be collected and the intended purpose of the collection and will request that you affirmatively indicate that you consent to the intended collection of your Personal Data for that purpose, prior to collecting the data.
In these instances, if you do not consent to the collection and intended processing purpose, CMI will refrain from collecting and processing your Personal Data.
Recipients of Your Personal Data
CMI Online may share your Personal Data with the following recipients:
- Other UC locations or departments: Other UC locations or departments in order to provide you with a CMI Service or where it is in CMI’s legitimate interests.
- Service Providers: Vendors that need access to your Personal Data in order to provide CMI Online’s Services.
- Public and Governmental Authorities: Entities that regulate or have jurisdiction over CMI such as regulatory authorities, law enforcement, public bodies, and judicial bodies.
- Corporate Transactions: A third party in connection with any proposed or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of CMI’s business.
If your Personal Data is shared with a third party, CMI will require that the third party use appropriate measures to protect the confidentiality and security of your Personal Data.
We may also need to share your Personal Data as required to respond to lawful requests and legal process; to protect our rights and property and those of our agents, customers, and others, including to enforce our agreements and policies; and in an emergency, to protect CMI and the safety of our students, faculty, and staff or any third party.
CMI takes appropriate physical, administrative, and technical measures to protect Personal Data that are consistent with applicable privacy and data security laws and regulations.
Retaining and Deleting Your Personal Data
CMI will only retain your Personal Data for the duration necessary for the data collection purposes identified above unless there is a legal requirement to maintain it for a longer period.
International Transfer of Your Personal Data
In order to fulfill the intended processing purposes described above, your Personal Data will be transferred outside of the European Economic Area (EEA), which may not protect Personal Data in the same way that it is protected in the EEA. CMI will undertake appropriate measures to ensure adequate protection of Personal Data, including utilizing appropriate physical, administrative, and technical safeguards to protect Personal Data, as well as executing standard contractual clauses approved by the European Commission or a supervisory authority under GDPR, or obtaining your consent, where appropriate.
As required by the General Data Protection Regulation and applicable EU Member State and EEA state law, if you are located in the European Economic Area, you have a right to:
- Access your Personal Data, as well as information relating to the recipients of your Personal Data, the purposes of processing your Personal Data, the duration for which the Personal Data will be stored, and the source of Personal Data that has not been provided by you
- Rectify or correct inaccurate or incomplete Personal Data concerning you, taking into account the purposes of the processing, and the right to have incomplete Personal Data completed
- Move your Personal Data to another controller or processor. CMI will facilitate the lawful transfer of your data to the extent possible
- Have your Personal Data erased in certain circumstances
- Restrict the processing of your Personal Data in certain circumstances
- Object to the processing of Personal Data in certain circumstances
- Withdraw your consent to the processing of your Personal Data, should CMI ask for your consent for the processing of your Personal Data. The withdrawal does not affect the lawfulness of processing based on your consent before its withdrawal.
- Know whether your Personal Data is being used for automated decision-making, including profiling. In those cases, CMI will give you meaningful information about the logic involved, the significance and the envisaged consequences of such processing for your data, and the right to request human intervention
- Lodge a complaint with a supervisory authority.
CMI may be obligated to retain your Personal Data as required by U.S. federal or state law.
If you wish to exercise your rights, you can contact the CMI Official identified below.
Questions and Complaints; CMI Official
If you have questions or complaints about our treatment of your Personal Data, or about our privacy practices more generally, please feel free to contact the UC San Diego Center for Microbiome Innovation’s Director of Communications and Marketing, Cassidy Symons, at firstname.lastname@example.org.
Effective Date: This statement is effective as of April 19, 2021.