Last Updated: November 1, 2018
Thank you for choosing to be a part of our community at the MIT Behavioral Research Lab (“we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy or our practices with regard to your personal information, please contact us at firstname.lastname@example.org.
1. What Information Do We Collect?
Personal Information You Disclose to Us
In short: We collect personal information that you provide to us, such as name, contact information, and login credentials.
We collect personal information that you voluntarily provide to us when registering for an account on the Sites, when signing up for activities (such as research studies) advertised through the Sites, and when contacting us.
The personal information we collect depends on the context of your interactions with us and with the Sites, the choices you make, and the services and features you use. The personal information we collect can include the following:
- Name and contact information — We collect your first and last name, email address, phone number, and other similar contact information.
- Credentials — We collect your username, password, and similar security information used for authentication and account access.
- Information required for payment processing — We collect information such as postal address and social security number in order to process payments to research participants. Specifically, if the compensation amount for a study exceeds $75, or if a participant is not a U.S. citizen or permanent resident, we are required by federal law and/or MIT policy to collect such information for tax reporting and deduction purposes.
All personal information that you provide to us must be true, complete, and accurate. You must notify us of any changes to such information.
Information Automatically Collected
In short: Some information, such as IP address and web browser characteristics, is collected automatically when you visit our Sites.
We automatically collect certain information when you visit, use, and navigate our Sites. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, country, location, information about how and when you use our Sites, and other technical information. This information is primarily needed to maintain the security and operation of our Sites, and for our internal analytics and reporting purposes.
Information Collected from Other Sources
In short: We may collect limited amounts of data from public databases, marketing partners, and other outside sources.
We may obtain information about you from public databases, joint marketing partners, and other third parties. Examples of the information we receive from these sources include social media profile information, marketing leads, and search queries.
2. How Do We Use Your Information?
In short: We may use your information to send you promotional emails, administrative information, and responses to your inquiries and requests.
We may use personal information collected through our Sites for the purposes described below:
- To send you promotional emails — We and/or our third-party marketing partners may use the personal information you provided to us for promotional purposes (which include recruiting participants for research studies), if this is in accordance with your communication preferences. You can opt out of our promotional emails at any time.
- To provide you with administrative information — We may use your personal information to contact you about your user account, an upcoming activity (such as a research study) you have registered for, our new resources and services, and changes to our policies and procedures.
- To respond to your inquiries and requests — When you send us an email, submit a contact form through our Sites, or interact with us by any other means, we may use your contact information to communicate with you.
3. Under What Circumstances Will Your Information Be Shared?
In short: We only share information with your consent, to fulfill a contract with you, to comply with laws, and to meet legitimate organizational needs.
We may process or share your information under the following circumstances:
- Consent — We may process your data if you have given us specific consent to use your personal information for a specific purpose.
- Performance of a contract — Where we have entered into a contract with you, we may process your data to fulfill the terms of our contract.
- Legal obligations — We may disclose your information where we are legally required to do so in order to comply with applicable laws, governmental requests, judicial proceedings, court orders, and legal processes. We may also disclose your information where we believe it is necessary to investigate, prevent, or take action regarding suspected fraud, potential violations of our policies, and situations involving illegal activities or potential threats to the safety of any person.
- Legitimate interests — We may process your data when it is reasonably necessary to achieve our legitimate organizational interests. This may involve sharing your data with third-party vendors, consultants, contractors, and agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, web hosting services, customer service, and marketing efforts. We may allow selected third parties to use tracking technology on the Sites, which will enable them to collect data about how you interact with the Sites over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, and better understand online activity. Unless described in this policy, we do not share, sell, rent, or trade any of your information with third parties for their promotional purposes.
4. With Whom Will Your Information Be Shared?
In short: We only share information with the following third parties.
We only share and disclose your information with the following third parties. We have categorized each party so that you may easily understand the purpose of our data collection and processing practices. If we have processed your data based on your consent and you wish to revoke your consent, please contact us at email@example.com.
- Advertising, direct marketing, and lead generation — Facebook Pixel
- Content optimization — YouTube video embed, Google Fonts
- Participant pool management — Sona Systems
- Spam filtering — Akismet
- Web and mobile analytics — Google Analytics
- Website hosting — SiteGround
What Are Cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.
Cookies set by the website owner are called “first-party cookies”. Cookies set by parties other than the website owner are called “third-party cookies”. Third-party cookies enable third-party features or functionality (e.g., advertising, interactive content, and analytics) to be provided on or through a website. The parties that set these third-party cookies can recognize your computer both when it visits the website in question and when it visits certain other websites.
What Cookies Do We Use?
The specific cookies served through our Sites are listed below:
- Analytics and customization cookies — Google Analytics
How Can I Control Cookies?
What About Other Tracking Technologies, like Web Beacons?
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies, such as web beacons (sometimes called “tracking pixels” or “clear gifs”), from time to time. Web beacons are tiny graphics files containing a unique identifier that enables us to recognize when someone has visited our Sites or opened an email that we have sent them. This allows us, for example, to monitor the traffic patterns of users from one page within our Sites to another, to deliver or communicate with cookies, to understand whether you have come to our Sites from an online advertisement displayed on a third-party website, to improve the performance of our Sites, and to measure the success of email marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, thus declining cookies may impair their functioning.
Do You Use Flash Cookies or Local Shared Objects?
Our Sites may also use so-called “Flash cookies” (also known as “local shared objects” or LSOs) to, among other things, collect and store information about your use of our services, prevent fraud, and perform other operations.
If you do not want Flash cookies to be stored on your computer, you can adjust the settings of your Flash Player to block Flash cookie storage using the tools in the Website Storage Settings panel. You can also control Flash cookies by going to the Global Storage Settings panel and following the instructions provided there, which include instructions on how to delete existing Flash cookies, how to prevent Flash LSOs from being placed on your computer without your permission, and how to block Flash cookies that are not being delivered by the operator of the page you are on at the time.
Please note that setting Flash Player to restrict or limit acceptance of Flash cookies may reduce or impede the functionality of some Flash applications, including applications used in connection with our services or online content.
6. How Long Do We Keep Your Information?
When we have no ongoing legitimate need to process your personal information, we will either delete or anonymize it, or, if this is not possible (e.g., because your personal information has been stored in back-up archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.
7. How Do We Keep Your Information Safe?
In short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate organizational and technical security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the Internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Sites is at your own risk. You should only access our services within a secure environment.
8. Do We Collect Information from Minors?
In short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Sites, you represent that you are at least 18 years of age or that you are the parent or guardian of a minor under 18 years of age and consent to the minor’s use of the Sites. If we learn that personal information from users under 18 years of age has been collected, we will deactivate the associated account and take reasonable measures to promptly delete such information from our records. If you become aware of any data we have collected from children under 18 years of age, please contact us at firstname.lastname@example.org.
9. What Are Your Privacy Rights?
In short: You may review, change, or terminate your account at any time.
If you are a resident in the European Economic Area and believe that we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority. You can find their contact details here.
If you would, at any time, like to review or change the information associated with your account or terminate your account, you can:
- Contact us at email@example.com.
- Log into your account and update your information.
Upon your request to terminate your account, we will delete your account and its associated data from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with investigations, or comply with legal requirements.
Opting out of Email Lists
You can unsubscribe from our promotional email list by contacting us at firstname.lastname@example.org. You will then be removed from the promotional email list; however, we will still need to send you service-related emails that are necessary for the administration and use of your account. To otherwise opt out, please contact us at email@example.com.
Cookies and Similar Technologies
Most web browsers are set to accept cookies by default. If you prefer, you can set your browser to remove or reject cookies, which may affect certain features or services on our Sites.
10. Do California Residents Have Specific Privacy Rights?
In short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes, as well as the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
11. Do We Make Updates to This Policy?
In short: Yes, we will update this policy as necessary to stay compliant with relevant laws.
12. How Can You Contact Us About This Policy?
If you have questions or comments about this policy, you may email us at firstname.lastname@example.org, call us at (617) 253-1959, or write to us at:
MIT Behavioral Research Lab
400 Main Street