General Data Protection Regulation (GDPR) Statement
Effective May 15, 2019
Beginning May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect. These new regulations provide EU residents with greater control over what, how, why, where, and when their personally identifiable data is used, processed or disposed. The regulations expand these rights beyond the borders of the EU, applying to organizations, such as ours, that process personal data of EU residents on behalf of our participants (“Personal Data”). Scismic LLC (“Scismic”, “we”, “us” or “our”) has been committed to the privacy of our participants and end users, wherever located, since our inception and complying with GDPR principles is no exception.
Scismic either already meets or is implementing our obligations as a data processor under GDPR. We are committed to periodically reviewing our policies and verifying our compliance with applicable law and our internal standards. This GDPR Statement (“Statement”) describes how Scismic collects, uses, and discloses certain personally identifiable information that we receive in the United States (“U.S.”) from the European Union; the European Economic Area, the United Kingdom, and Switzerland. In this Policy, the European Union, the European Economic Area, the United Kingdom, and Switzerland are collectively referred to as the “EU.”
- Information We Collect
- First and last names
- Email addresses
- Phone numbers
- State/Regional Identification
- Links to Various Online Profiles
- Professional skills and expertise
- Professional history/Resume/CV
- Username and password for your Scismic account
- Education history, including degrees, dates and locations of attendance, grades, extracurricular accomplishments and educational institution affiliations.
- Demographic information (gender/ethnicity)
- Personal information you submit to us via our participant service methods or through leaving reviews
- Usage, viewing, and technical data, including device identifier and/or IP address, or location information
- Billing information
- Log files, information collected by cookies or similar technologies about actions taken when accessing our platform
- Data submitted by our participants, which we process on their behalf
- Purposes of Personal Information Collection and Use
- Providing information about our services and projects
- Providing services and support
- Communicating with business partners, vendors, agents and contractors about business matters
- Analysis of information in order to improve business practices and services
- Conducting related tasks for legitimate business purposes
- Other purposes disclosed at the time of collection
- Compliance with legal requirements
- Data Transfer to Third Parties
- Subcontractors. We transfer Personal Data to our subcontractors that perform consulting services and other functions on our behalf. We enter into written agreements with each of our subcontractors requiring them to provide the same level of protection that Scismic provides for its participants and as required by the GDPR, limiting their use of the Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that subcontractors process Personal Data in accordance with our company policies and GDPR obligations and (ii) to stop and remediate any unauthorized processing. We remain liable for the acts of our subcontractors that perform services on our behalf for their handling of Personal Data that we transfer to them.
- Third Party Agents or Service Providers. We may transfer Personal Data to our third-party agents or service providers that perform functions on our behalf. Here is our current list of subprocessors: Mailchimp, Mailgun, Sparkpost, Sentry, Digital Ocean, Twitter, Facebook. We enter into written agreements with those third-party agents and service providers requiring them to provide the level of protection required by the GDPR if applicable to such third-party agents and service providers, and if not, then the same level of protection that Scismic provides, limiting their use of the Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that third-party agents and service providers process Personal Data in accordance with our company polies and GDPR obligations and (ii) to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers that perform services on our behalf for their handling of Personal Data that we transfer to them.
- Third Party Data Controllers. In some cases, we may transfer Personal Data to unaffiliated third-party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your Personal Data to third party software and services companies whose products interact with Scismic products and services in certain instances where a Scismic participant is also a client of such third party. We will only provide your Personal Data to third party data controllers where you have not opted-out of such disclosures. As a policy we work with only third-party data controllers that are GDPR compliant, and when possible enter into written contracts with any such third-party data controllers requiring them to provide the same level of protection for Personal Data that GDPR, as applicable, requires.
- Disclosures for National Security or Law Enforcement
- Access rights
- Staff and Responsibilities
- Questions and Concerns
We adhere to the principles of the GDPR with respect to Personal Data provided by: (i) individuals who visit our website and voluntarily provide their information, and (ii) from our participants, vendors, contractors, affiliates, and agents.
Scismic provides job matching tools, research laboratory information, and a discussion platform to assist users in their professional pursuits. Through providing such services, the Personal Data we may collect may include:
Scismic collects, uses and processes Personal Data for the purposes of:
Scismic will only process Personal Data in ways that are compatible with the purpose for which Scismic collected the Personal Data, or for purposes that the individual or participant providing the Personal Data authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose for which it was collected or that you authorized, we will provide you with the opportunity to opt out.
Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities or to meet national security or law enforcement requirements.
Scismic maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction.
You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of applicable law. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. If your Personal Data was provided to us by a Scismic participant, we may facilitate your access to such data by directing you to the participant that provided your data to us.
Everyone who works for or with Scismic has some responsibility for ensuring data is collected, stored and handled appropriately. Only employees who need to access or know the Personal Data in order to accomplish their work have access to such Personal Data. Our employees that have access to Personal Data must ensure that it is handled and processed in line with this policy and data protection principles. The Board of Directors (“Board”) is ultimately responsible for ensuring that Scismic meets its legal obligations. Scismic has designated the Director of Technology to oversee its information security policies and procedures, including its compliance with applicable law. The Director of Technology shall review and approve any material changes to this policy as necessary.
Any questions, concerns, or comments regarding this Statement or our use of your Personal Data, please contact us at:
PO Box 391763
Cambridge, MA 02139
We reserve the right to amend this Policy from time to time consistent with GDPR requirements and other applicable law