Privacy Policy

We are pleased that you are visiting our website at https://pathoplexus.org and Pathoplexus our genomic sequence database (“Database”). Data protection and data security when using our website and Database are very important to us. We would therefore like to inform you which of your Personal Data we collect when you visit our website and use our Database and for what purposes it is used.

Who is responsible?

The person responsible in the sense of Switzerland’s Federal Act on Data Protection, 2020 (“FADP”) and the EU’s General Data Protection Regulation (“GDPR”) is the Pathoplexus association, of Basel, Switzerland (“we”, “us”, “our”). If you have any questions about this policy or our data protection practices, please contact us using accounts@pathoplexus.org.

Principles of data processing

a. Personal data: Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior.

b. Processing: The processing of Personal Data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis.

c. Legal basis: In accordance with the FADP and the GDPR, we have to have at least one of the following legal bases to process your Personal Data: i) you have given your consent, ii) the data is necessary for the fulfillment of a contract / pre-contractual measures, iii) the data is necessary for the fulfillment of a legal obligation, or iv) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.

d. Retention: Processed Personal Data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any legally required retention obligations.

Data we collect

a. Provision and use of the website: When you access our website, we collect the Personal Data that your browser automatically transmits to our server. This is technically necessary for us to display our website and to ensure its stability and security. In this sense, we collect the following data: i) IP address of the requesting computer, ii) Date and time of access, iii) name and URL of the file accessed, iv) website from which the access was made (referrer URL), v) browser used and, if applicable, the operating system of your computer as well as the name of your access provider. The legal basis is our legitimate interest.

b. Hosting: We use the hosting services of Amazon Web Services (AWS) for the purpose of hosting and displaying our website. AWS does so on the basis of processing on our behalf, and that also means that all data collected on our website is processed on AWS’s servers in Europe. The legal basis for processing is our legitimate interest.

c. Cookies: The FADP and the EU counterpart the Privacy and Electronic Communications Directive (“PECD”), require us to ask for your consent when using specific cookies (in particular any cookie that is not strictly necessary for the operation of the website, for example, Functional cookies, Analysis and performance cookies and Advertising cookies or targeting cookies “Optional cookies”).

Further and as the FADP and the GDPR also require a legal basis for the use of Personal Data in relation to cookies, the use of cookies would then be your consent as well as our legitimate interest. However, as we think it is important that you should have full control over your privacy online, we refrained from placing optional cookies on my website and as such we are not required to obtain any consents. Nonetheless, this may change, and we ask you to regularly check this policy for any updates.

d. Contacting Us: We offer you the opportunity to contact us using various methods. We collect the data you submit such as your name, email address, telephone number and your message in order to process your enquiry and respond to you. The legal basis is both your consent and contract.

e. User Account: For the creation of an account, we require contact details, such as your Full Name, Username, Email address (preferably institutional), as well as information about the group you are joining or creating, and optional about your institution, the role and title and office details in your institution etc. and country, phone number, ORCiD, links to website(s), your bio in the about section. You can access this data in your user account. The legal bases for processing are contract and our legitimate interest.

f. Our Database: We process your sequence data uploaded to or involved in your use of our Database (“Service Data”) in order to be able to provide our services to you. Service Data may include Personal Data that is or can be associated with the sequence such as ‘authors’, ‘generators’ or ‘submitters’ names. You agree that, if you have provided us with Personal Data relating to a third party (i) you have in place all necessary appropriate consents and notices to enable lawful transfer of such Personal Data to us and (ii) that you have brought to the attention of any such third party our Privacy Policy.

We provide you with complete control of your Service Data by providing you the ability to (i) access your Service Data, (ii) share your Service Data through supported third-party integrations such as the INSDC - International Nucleotide Sequence Database Collaboration, and (iii) request export or deletion of your Service Data stored in our Database.

Note that data that is associated publicly with submitted sequences cannot be deleted even if the associated account is deleted. This may include author name, institution, and revision/revocation actions by a user.

Where we process Service Data as Data Processor or in other words on behalf of you, we will process the Service Data involved in your use of our services in accordance with your instructions and shall use it only for the purposes agreed between you and us.

We ensure that access by our employees to your non-public data is only available on a need-to-know basis, restricted to specific individuals, and is monitored and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.

For the purpose of providing our services all Service Data processed by us will be stored using AWS’s servers as our sub-processor and take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of your Service Data.

Data Security

We undertake to protect your privacy and to treat your Personal Data (excepting what is associated with public sequences such as author names) confidentiality. In order to prevent manipulation or loss or misuse of your data stored with us, we take extensive technical and organizational security precautions which are regularly reviewed and adapted to technological progress. These include, among other things, the use of recognised encryption procedures (SSL or TLS).

However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions that are not in our area of responsibility. We have no technical influence on this. It is the user’s responsibility to protect the data he or she provides against misuse by encrypting it or in any other way.

International transfers

We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.

How we may share your Personal Data

We may share your Personal Data with our Business Partners for the purposes described in this Privacy Policy, including (but not limited to) conducting the services you request, or customizing our business to better meet your needs. We share your Personal Data only with Business Partners who agree to protect and use your Personal Data solely for the purposes specified by us.

We may also disclose your Personal Data for any purpose with your consent or for law enforcement, fraud prevention or other legal actions as required by law or regulation, or if we reasonably believe that we must protect us, our customers or other business interests. Except as described above of which you will be informed in advance, we will not disclose your Personal Data.

What we do not do

  • We do not request Personal Data from minors and children;
  • We do not use Automated decision-making including profiling; and
  • We do not sell your Personal Data.

Privacy Rights

Under the FADP and the GDPR, you can exercise the following rights:

  • Right to information
  • Right to rectification
  • Right to deletion
  • Right to data portability
  • Right of objection
  • Right to withdraw consent
  • Right to complain to a supervisory authority
  • Right not to be subject to a decision based solely on automated processing.

If you have any questions about the nature of the Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.

If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion (excepting what is associated with public sequences such as author names), or object to its processing or want to withdraw any consents you have given us, please contact us.

Access Request

In the event that you wish to make a Data Subject Access Request, please inform us in writing. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

Complaint to a supervisory authority

You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.

Validity and questions

This Privacy Policy was last updated on Tuesday, 27th of February 2024, and is the current and valid version. However, from time to time changes or a revision to this policy may be necessary. If you have any questions or comments about our Privacy Policy or wish to exercise your rights under applicable laws, please contact us using the details provided above.