Privacy Policy

Last Updated: December 09, 2024

1. Introduction

The Chan Zuckerberg Initiative (“CZI,”“we,” “us”) was founded in 2015 to help solve some of society’s toughest challenges — from eradicating disease and improving education, to addressing the needs of our communities. Through collaboration, providing resources and building technology, our mission is to help build a more inclusive, just, and healthy future for everyone.

2. Applicability of this Privacy Policy

This Privacy Policy applies to individuals who sign up for, access, or use the virtualcellmodels.cziscience.com website or the associated platform for biologists and machine learning or science researchers, which includes models and data made available through the platform (collectively, the “Services”), as well as any other projects or interactions that specifically reference this Privacy Policy. Please note that this Privacy Policy does not apply to data collection for other CZI products, programs, or activities that either do not refer to this Privacy Policy or expressly incorporate a different privacy policy.

By signing up, accessing, or using the Services, you accept the terms of this Privacy Policy. By accepting this Privacy Policy, you agree that CZI is the controller of your personal information which is processed in connection with the Services.

3. Information We Collect About You

From You

We collect certain information from you when you provide it to us directly. Specifically:

  • Registration: When you sign up for the Services, we collect certain personal identifiers such as your name, email address, and professional or academic information (e.g., your affiliation with a research institution).
  • User Submissions: If you decide to submit data, models, or other content to the Services, we will collect this information and it will be associated with your account.
  • User Support: If you email any @chanzuckerberg.com email address with a request for support or information, you may provide us with personal identifiers such as your name, email address, contact information, and/or a description of the issue so that we can respond to the request.
  • Mailing list sign-up: When you sign up to receive our newsletter, you choose to provide us with certain personal identifiers, such as your name and your email address. We may combine this information with your internet or other electronic network activity on the Services.
  • Surveys and Feedback: If you decide to respond to a survey or send us feedback, we may collect personal identifiers and information about your interests or preferences.

From Your Browser or Device

When you use online services, certain information routinely gets created and logged automatically; the same is true when you use our Services. When you access or use the Services, we collect:

  • Log data: When you visit our Services (whether on your computer or on a mobile device), we gather certain internet or other electronic network activity information automatically and store it in log files. This information includes your IP addresses, your Internet Service Provider, referring/exit pages, date/time stamps, clickstream data, login/logout times, and duration of time spent on our Website.
  • Device data: In addition to log data, we collect information about the device you’re using to access the Services; this includes the type of device, browser type, operating system, settings, unique device identifiers, and crash data.
  • Click-through URLs: If you receive newsletters, updates, or other information from us, our emails may use a “click-through URL” linked to content on our sites. When you click one of these URLs, they pass through a separate web server before arriving at the destination page on our sites. We use this click-through data to help us understand how recipients respond to, or interact with, our emails. If you prefer not to be tracked in this way, please do not click text or graphic links in emails you receive from us.
  • Cookie Information: We also use cookies (small text files sent by your computer or device each time you visit our Services that are unique to your device or your browser) and similar technologies. These cookies share internet or other electronic network activity information and general geolocation data with certain third parties. See this FAQ for more information about the cookies we use, what companies receive information from these cookies, why we use them, and the choices you have to control them.

Public Sources

We may collect certain personal data about you from publicly available sources, such as Github or scientific databases, which may include but is not limited to your name, ORCID iD, or Github username.

Inferences

We may draw certain inferences about you from the information you provide such as professional or employment-related information that we collected during a registration form or in other communications with us.

Sensitive Personal Information

We do not collect sensitive information about you, and thus we do not use or disclose your sensitive personal information.

4. Use of Your Data

CZI collects and uses your data for the following business purposes:

  • To provide and deliver the Services: This includes creating and managing your account, enabling access to AI models and datasets, facilitating interactions within our Services, and displaying or hosting any content you choose to share on the Services.
  • To communicate with you: This includes providing you with relevant information about the Services and responding to your inquiries.
  • To understand and improve your experience: We analyze how you use the Services, including your interactions and preferences, to understand what aspects are most valuable to you. We may collect general location information to tailor and enhance the Services to better meet your needs.
  • To ensure security and prevent fraud: We work to maintain the security of our Services by detecting, preventing, and investigating potential fraud, unauthorized access, or security threats.
  • To enforce terms and policies: We may monitor compliance with our Terms of Use, Acceptable Use Policy, or other agreements (as applicable), including conducting investigations into potential violations.
  • To protect against harm: We may take actions to protect the rights, property, or safety of CZI, our users, you, and the public as necessary.
  • To comply with legal obligations: This includes responding to and complying with any applicable laws, regulations, legal processes, or requests from governmental authorities.
  • To generate aggregated or de-identified data: We may create aggregated or de-identified data to support research, analytics, or any other purposes permitted by law.

Promoting the Services/Marketing

We may promote our Services to keep you informed about relevant updates and features. Based on your settings, we may use your email address or cookies to send marketing materials.

In the past 12 months, we have used third-party cookies to enhance our marketing efforts and deliver relevant content about our Services. Please refer to this FAQ to understand more about our use of third-party cookies, including how you can exercise control and make choices about your preferences, especially regarding marketing.

Notice of Right to Opt-Out of Sale/Sharing

As stated above (Promoting the Services/Marketing), we may use third-party marketing cookies on our Services, which collect internet or other electronic network activity information, in order to help us deliver marketing messages about the Services or other content that may be of interest to you. Under California law, this practice is considered to be “sharing” of personal information and may also be deemed a “sale” of such information. You can opt-out of this practice by clicking this Do Not Sell or Share My Personal Information link or the link provided in the footer of our homepage and turn off the toggle switch for Marketing and Social Media Cookies. You may also be able to opt-out by broadcasting the Global Privacy Control (“GPC”) signal from a supported browser (see Section 14 for more information).

5. How Long We Retain Your Data

We will keep your personal information only for as long as we believe that we need it for the purpose we have collected it (as described above) or to meet legal obligations, resolve disputes, maintain security, prevent fraud and abuse, enforce our agreements with you, or fulfill your request to unsubscribe from further messages from us. When your information is no longer needed, we will destroy, de-identify, or aggregate it.

6. How We Disclose Your Data

We may disclose your information in the following ways:

  • Service Providers and Vendors: We work with vendors and service providers who provide services on our behalf. These services include: sending emails, performing statistical analysis, database management services, database hosting, providing customer support software, survey providers, and security. In the course of providing these services, our service providers may have access to your personal information.
  • CZ Entities: We may share your information with our affiliates and partners, such as the Chan Zuckerberg Initiative, LLC and the Chan Zuckerberg Biohub Network, and we will require them to honor this Privacy Policy.
  • With Consent: We may share your information with your consent. For example, we may ask for your consent if you decide to sign up for our newsletter.
  • Legal and Safety Reasons: We may disclose information if we believe in good faith that it is necessary (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas or warrants served on us; (c) to protect or defend our rights or property or others; and/or (d) to investigate or assist in preventing any violation of the law.
  • Reorganization, Sale, or Merger: We may disclose your information in connection with a merger, reorganization, or sale of all or a portion of our organization or assets related to CZI.

7. Your Rights

You have the following rights with respect to the personal information we have about you:

  • Delete data: You can ask us to erase or delete all or some of your personal information subject to our legal obligations and lawful exceptions.
  • Change or correct personal information: You can also ask us to change, update or fix inaccurate data in certain cases, subject to our legal obligations and lawful exceptions.
  • Object to, limit, or restrict use of personal information: You can ask us to stop using all or some of your personal information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal information is inaccurate or unlawfully held).
  • Right to access and/or take your personal information: You can ask us for a copy of your personal information in machine-readable form.
  • The right not to be discriminated against: CZI will not discriminate against you in any manner for exercising any of the above rights with respect to your personal information.
  • Right to notice: You have a right to receive notice of our personal information collection, use, retention, and disclosure practices at or before collection of personal information.

If you would like to exercise any of these rights, in your email please provide us with your name, the country (and state if within the United States) in which you live, which of the above rights you would like to exercise, and sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information. If you would like an authorized agent to make a request for you, have that agent email privacy@chanzuckerberg.com with the above information along with additional information sufficient for us to verify that the authorized agent is acting on your behalf.

Please also let us know if you have questions or concerns related to exercising any rights you have under applicable law to control your personal information. If you would like to appeal a CZI decision with respect to a request to exercise any of these rights, please email us at privacy@chanzuckerberg.com and explain the basis for your appeal.

If you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.

8. Do Not Track Signals

We don’t currently share personal data with third parties for their direct marketing purposes, nor do we support any Do Not Track signals since there’s currently no standard for how online services respond to those signals.

9. Data Transfer

CZI is based in the United States. When you use the Services, you are sending personal information into the United States which may have different data protection rules than those of your country. We process data both inside and outside of the United States.

We will collect, use, and disclose your personal information only where we have a legal right to do so. This section explains our legal bases for processing personal information, including under GDPR.

  • Consent: We rely on consent to engage in certain data collection activities, such as when you consent to receive newsletters from us.
  • Performance of a contract: We rely on the legal basis, performance of a contract, when we need to process your information in order to fulfill our contract with you.
  • Legitimate Interests: We rely on legitimate interests to process the data we collect when you browse or use our Services. We have a legitimate interest in understanding what you found valuable about our Services so that we can improve them. We also have a legitimate interest in maintaining the security of our Services.

Where we rely on consent, you have the right to revoke your consent, and where we rely on legitimate interests, you have the right to object by emailing us at privacy@chanzuckerberg.com. If you have any questions about the lawful bases on which we collect and use your personal information, please contact us via email.

11. Additional Information for California Residents

The California Consumer Privacy Act (“CCPA”) requires certain businesses to give California residents a number of rights regarding their personal information. We are offering these rights to you, which are described in Section 7 above. In addition to these rights, we give you a right to request the following information about your personal information that we have collected in the past 12 months:

The Right to Know

This right allows you to request the following information about the personal information that we’ve collected about you in the past 12 months:

  • Information about Data Collection
    • The categories of personal information that have been collected.
    • The categories of sources from which we have collected personal information.
    • The business purpose for which we have collected personal information.
  • Information about Data Disclosure
    • The categories of personal information, if any, that have been sold, shared, or disclosed for a business purpose to third parties.
    • The categories of third parties to whom personal information was sold, shared, or disclosed for a business purpose.
    • Identification of the specific business purpose for disclosing the personal information.

We have described the personal information that we collect, how we use, and disclose it in this Privacy Policy, but provide the following additional disclosure:

  • Information about Data Collection
    • Information we collect: We have collected the following categories of personal information from consumers within the past 12 months: (1) identifiers; (2) internet or other electronic network activity; (3) geolocation data; (4) inferences drawn from your professional background or internet or electronic network activity; and (5) survey responses.
    • Sources of information: We obtain these categories of personal information from the sources described in Section 3 of this Privacy Policy.
    • Purposes of collection: We collect personal information for one or more of the business purposes described in Section 4 of this Privacy Policy.
  • Information about Data Disclosure
    • Information we disclose: We have disclosed the following categories of personal information within the past 12 months: (1) identifiers; (2) internet or other electronic network activity; (3) geolocation data; (4) inferences drawn from your professional background or internet or electronic network activity; and (5) survey responses.
    • Third parties to whom we disclose: We have “shared” your internet or other electronic network activity for marketing purposes, which also may be deemed a “sale” of such information under CCPA, within the past 12 months to marketing providers. We disclose the other categories of personal information to third parties as described in Section 6 of this Privacy Policy.
    • Purposes of disclosure: We disclose the personal information we collect for one or more of the business purposes described in Section 4 of this Privacy Policy.

12. Additional Information for Residents of Virginia, Colorado, Connecticut, and Utah

Virginia, Colorado, Connecticut, and Utah also have adopted privacy laws that give consumers certain rights, including the right to confirm whether businesses are processing the consumer’s personal information, the right to access that data, the right to obtain a copy of that data, the right to correct inaccuracies in that data, and the right to delete that data. As discussed above in Section 7, CZI provides these rights to all consumers, regardless of where they reside.

Additionally, these four states have adopted rights to opt-out of:

  1. Targeted advertising
  2. The sale of personal information
  3. Profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer

These laws define “sale” broadly such that our use of third-party marketing cookies could be considered a sale of personal information. You can opt-out of targeted advertising and the sale of personal information by clicking the Do Not Sell or Share My Personal Information link provided in the footer of our homepage and turning off the toggle switch for Marketing and Social Media Cookies. You may also be able to opt-out by broadcasting the GPC signal from a supported browser (see Section 14 for more information). CZI does not profile consumers in furtherance of decisions that produce legal or similarly significant effects.

13. Security

We implement security safeguards designed to protect your personal information, including reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, alteration, and destruction. Despite these efforts, we cannot guarantee that your data may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or administrative safeguards.

14. Opt-Out Preference Signal

Some browsers and browser extensions support the GPC or similar controls that can send a signal to a website you visit indicating your choice to opt-out from certain types of data processing, including data sales and/or targeted advertising, as specified by applicable law. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting or similar control that is recognized by regulation or otherwise widely acknowledged as a valid opt-out preference signal.

15. Children

We do not have actual knowledge that we have sold or shared (as defined under CCPA) the personal information of users under 16 years of age. If we become aware that we have the information of such children, we will promptly delete it.

16. Changes to This Privacy Policy

We may modify this Privacy Policy from time to time, and you can see when the last update was by looking at the “Last Updated” date at the top of this Privacy Policy. If we make material changes to it, we’ll provide you notice through this Privacy Policy. If you object to any changes, you may exercise rights that we provide (See Section 7).

17. Contact Information

If you have questions or complaints regarding this Privacy Policy, please contact us at privacy@chanzuckerberg.com.

Chan Zuckerberg Initiative
2682 Middlefield Road, Suite i
Redwood City, CA 94063

To comply with Article 27 of the GDPR and the UK-GDPR, we have appointed a representative who can accept communications in relation to personal data processing activities falling within the scope of the GDPR or the UK-GDPR. If you wish to contact them, their details are as follows:

European GDPR Representative:
Bird & Bird GDPR Representative Services SRL
Avenue Louise 235
1050 Bruxelles
Belgium

EUrepresentative.ChanZuckerberg@twobirds.com

UK Data Protection Representative:
Bird & Bird GDPR Representative Services UK
12 New Fetter Lane
London EC4A 1JP
United Kingdom

UKrepresentative.ChanZuckerberg@twobirds.com