Jan 17, 2017
- TRUSTe Certification
- Choices You Have about Sharing Information in your ORCID Record
- Information We Collect and How We Collect It
- How We Use Information We Collect
- How We Share Information We Collect
- Access, Review, Editing and Changing Data
- Records of Deceased Persons
- Transparency, Disputed Records, & Removal of Data
- Information Security
- International Data Transfer; Governing Law
- Enforcement and Arbitration
- Children's Privacy
- Single Sign On
- Changes to this Policy
- Questions or Concerns
2.0 TRUSTe Certification
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily please contact our U.S.-based dispute resolution provider(free of charge) at https://feedback-form.truste.com/watchdog/request.
- Member: An organization that has entered into a fee-based Membership Agreement with ORCID.
- ORCID Record or Record: The composite data set other than system data (e.g., user ID, password, log files), including the ORCID iD, pertaining to a specific individual and stored in the Registry.
- Record Holder: The person who owns and is referenced in an ORCID Record. (See also Section 5.2 for limited exceptions.)
- Trusted Organization: An ORCID Member organization to which you have given the right to view, edit, and/or deposit specific data in your ORCID Record. (For example, you may grant a publisher the right to update information about your publications, or grant a funder the right to read information about grants that is otherwise not viewable by the public through the Registry.) (See Section 4.1.2.)
- Trusted Individual: A Trusted Individual is a person to whom you have given the authority to manage your ORCID Record on your behalf, including selecting settings for visibility & sharing, naming Trusted Organizations, and editing and depositing data. (See Section 4.3.)
4.0 Choices You Have about Sharing Information in your ORCID Record
We are committed to providing you with meaningful choices about your privacy and the ability to control how your information is used. A core ORCID principle is that you control the settings for visibility & sharing of your own ORCID Record data. To that end, ORCID allows you the right to control how your information is published on and shared via the ORCID Registry through various opt-in features.
4.1 Privacy - Settings for Visibility & Sharing
When you create an ORCID Record, you can choose to make any element (other than the ORCID iD, which is always visible) visible by everyone (Public), visible only to a selected groups of Member institutions (Trusted Organizations) that you have indicated that you trust (Limited Access), or visible only to you and Trusted Individuals you designate (Private), as further described in the definitions of Public, Limited Access, and Private below. You will choose your default visibility when you register, and can change this default and item-level visibility at any time.
visible by everyone
Data marked as Public (visible by everyone) will be available to the public for viewing and use under a Creative Commons CC0 waiver.
|4.1.2 LIMITED ACCESS
visible by those you trust
People and Organizations I trust
Data marked Limited Access (visible by those you trust) may be viewed through the Registry by you and your designated Trusted Individual(s) (if any) and Trusted Organizations (if any). You can elect to share specific items with Trusted Organizations. Trusted Organizations will have these permissions for the time period that you specify, either for a single use, or until you revoke these permissions. At any time, you can elect to revoke permissions for any Trusted Organization on the Account Settings page of your Record. Under ORCID’s Membership Agreement, Trusted Organizations agree not to disclose to any other person or entity Limited Access Data unless (i) such data is publicly available from another source, or (ii) the organization provides notice to you about how and to whom such data will be disclosed. However, ORCID has no control over how the organization uses the Limited Access data, including sharing it with others. Therefore, you should only grant Trusted Organization status to those that you trust.
visible by only me
Data marked as Private (visible by you) may be viewed through the Registry only by you, any Trusted Individual(s) you designate, and a Trusted Organization that added the data (if you gave it permission to do so). Private data are not shared with the public, Trusted Organizations or other Members of ORCID.
Only our staff, and our agents’ or contractors’ staff, with a “need to know” to manage the Registry and process data for us are able to view Private and Limited Access Data. See How We Use Information We Collect and Information Security, below.
4.2 Changing Settings
You can change your settings for visibility & sharing at any time. However, the new settings will only apply after you have made the change. ORCID has no control over uses of data already made available via the Registry or disclosures made in places other than the Registry.
4.3 Trusted Individuals
You may delegate management of your ORCID Record to one or more Trusted Individuals (such as your research administrator or administrative assistant). A Trusted Individual can act on your behalf with respect to your ORCID Record, including editing and depositing data, naming Trusted Organizations, and designating settings for visibility & sharing. A trusted individual cannot name other trusted individuals, change passwords or account access settings, or remove email addresses. S/he will have access to all information in your ORCID Record, including Limited Access and Private data. Therefore, you should only grant Trusted Individual status to a person you trust. ORCID cannot control how a Trusted Individual will interact with your ORCID Record. You may revoke Trusted Individual status at any time at the Account Settings page of your Record. Trusted Individuals must agree to ORCID’s Terms and Conditions of Use.
5.0 Information We Collect and How We Collect It
ORCID collects information from users of the Websites and Registry in four ways: information you directly give us; information given to us by a third parties; information we collect from your use of the ORCID Websites; and information we collect from cookies, also known as tracking technologies (See Section 5.4).
5.1 Information You Give Us
To use certain features of the ORCID Website, users must register with ORCID. Registration requires that you provide us with personal information including your name and email address. You are not required to register with us to use the ORCID Websites; however, if you do not register, certain features (e.g., creating an ORCID Record or serving as a Trusted Individual) are not available.
If you want to create an ORCID Record (including obtaining an ORCID identifier), you will need to provide ORCID with personal information, including, at minimum, your name and email address. You may also include certain additional information about yourself in your ORCID Record, such as affiliations, title, education, grants, patents, and publications.
We also collect information from you if you contact the Help Desk, the ORCID Ombudsman or Executive Director, or make posts in any online chat rooms, blogs or other public forums offered from time to time on the Websites. ORCID may associate your Account information (e.g., name and email address) with these activities.
5.2 Information Provided by a Third Party
Trusted Organizations & Trusted Individuals
Trusted Organizations may deposit information in your Record if you give them the authority to do so. You may provide this authorization on a Member website that has integrated with ORCID, or directly in the ORCID Registry. In some instances an ORCID Member or its agent may contact us to let us know that they have information about new publications or other research activity that are connected to your ORCID iD. ORCID will contact you and ask if you would like to grant permission to a Member organization to add information about these activities to your Record. You may regulate the frequency of these messages using your Account Settings.
Your Trusted Individuals may edit and deposit information in your Record. You may specifically designate or remove Trusted Individuals in the ORCID Registry at the Account Settings page of your Record.
The majority of ORCID Records are created by the individual to whom the Record refers. Historically, ORCID also provided an option for Members to create ORCID Records on behalf of their employees and students, including obtaining an ORCID identifier, populating the Record with data, and setting the initial settings for visibility & sharing on the Record. Such Members are referred to in this Section as “Member Creators”. We are in the process of phasing out this practice and only a very limited number of Members continue to use this feature. Additional information about Member-created ID's can be found here Can someone else create an ORCID iD for me.
Before a Member Creator creates an ORCID Record and has an ORCID identifier assigned on your behalf, we ask the entity to represent and warrant that it has the authority and your consent to provide us with information about you, to contact you about the Record, and to distribute certain information in the Record to the public. If the Member Creator represents to us that it has the authority to create an ORCID Record and have an ORCID identifier assigned, but not your consent to make the data available through the Registry, it must mark the data it deposits as Private, and the information will not be made publicly available unless you change the settings for visibility & sharing.
If a Member Creator creates an ORCID Record for you, you will receive an email from ORCID inviting you to Claim the Record. By “Claim” we mean take over ownership of the Record. The email will give you a period of time (set forth in the email but at least 10 days) to Claim the Record before we share any information that the Member Creator marked as Public or Limited Access. If we do not hear back from you within the given time, we assume that you are comfortable with the selections made by the Member Creator, and will share data according to the settings for visibility & sharing set by the Member Creator. Also, if you do not Claim your Record, the Member Creator may continue to access data it has marked as Private and Limited Access, edit and update the Record, make privacy selections, name Trusted Organizations and close the Record. If you do not initially Claim your Record, you can still do so in the future. When you Claim a Record, you can elect to take over management of your Record, including through a Trusted Individual. Any changes you make to settings for visibility & sharing will override Member Creator settings.
We do not make any Records that have not been Claimed available through the Public Data File.
If you object to having an ORCID Record, you may contact ORCID Support at http://orcid.org/help/contact-us to remove a Record created for you by your employer or affiliated organization acting as a Member Creator. Or, you may first Claim the Record and deactivate the account from the Account Settings page of your Record.
5.3 Information ORCID collects from your use of the Websites
ORCID will collect information about your use of the Websites and Registry. We do this for a variety of reasons, including to monitor when and by whom Registry information has been changed, to help identify and block some spammers, and also to monitor traffic on the Websites and Registry. When a visitor accesses our Websites or Registry, we collect certain information using web analytics tools, including details about the users, such as the visitor’s IP address, the type and version of the Internet browser that is being used, the site from which the visitor accesses our Websites, the type of device being used (e.g. computer, smart phone, tablet), or the screen resolution; and details about usage, including page traffic. We may combine this automatically collected log information to other information we collect about you.
5.4 Information from Cookies and other Tracking Technologies
We partner with third party(ies) to provide better functionality to the ORCID website. While ORCID does not gather information about your activities, our third party(ies) may do so. Our third party(ies) may use technologies such as cookies to gather information about your activities on this website and other sites and may provide you advertising based upon your browsing activities and interest. We do not serve ads on our website, but rather the third party(ies) may use interest-based ads on other websites your browse. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served ads on other websites. You will continue to receive generic ads on these websites.
6.0 How We Use Information We Collect
We use the information we collect to provide the ORCID Websites and Registry to the public and to Members. For example,
- We use the information we collect to operate, protect, evaluate and improve the ORCID Websites and Registry, its features, and ORCID operations generally. Note that this use includes Private and Limited Access data; for example, we may use such data for disambiguation or to resolve any disputes about identity and Records.
- We also use the information we collect about when and by whom information was deposited in your ORCID Record to help verify questions you have about your Record or resolve any disputes about the accuracy of information in a Record.
We also use this information to send messages to you. We send messages either to the email address you provide us, or to an ORCID Inbox that is created when you register for an ORCID iD. We will send you an email with a summary of the information in your ORCID Inbox at the frequency you request in Account Settings. Reasons we may contact you include:
- We may contact you with requests from Members for your permission to become Trusted Organizations and to deposit or edit information in your ORCID Record.
- We may also contact you about your use of the ORCID Websites and Registry.
- We may contact you to send you newsletters, and information about ORCID. You may subscribe or unsubscribe at http://orcid.org/newsletter/subscriptions, by changing your email preferences in your Account Settings, or by clicking on the unsubscribe message included in each newsletter.
You may regulate the frequency of these messages by adjusting your email and contact preferences in the Account Settings of your ORCID Record. Please note that we reserve the right to notify you about changes or updates to your ORCID account and the Registry as described in the preceding paragraph.
7.0 How We Share Information We Collect
7.1 With the Public & Members
In addition to ORCID’s commitment to giving Record Holders control over their ORCID Records, ORCID seeks to support open access to information for the research community. ORCID shares with the public free of charge any data marked as Public through the Registry for viewing and use.
Your designated Trusted Individuals have access to all of your Record information (other than your password and account access security information) including data marked as Limited Access and Private. Your designated Trusted Organizations are able to view your Public data and the Limited Access data you have approved sharing. Your Trusted Organizations also may see any data that you have authorized them to deposit to your Record, even if this data is marked as Private; they can not see private data that they have not deposited.
If there is a dispute regarding data in your Record, we may share your email address with your permission and relevant deposit history (e.g., what data was deposited by whom) with the disputing or depositing party or a third party dispute resolution agent, so that the dispute may be resolved.
Our Terms and Conditions of Use (for individuals) and our Membership Agreement (for Members) state that individual data Records may not be used in any manner that is defamatory or misleading; cannot be modified so as to make them false, incomplete, or misleading; are subject to your rights of publicity; and if any person or entity uses the data for marketing purposes, they must give you the right to opt-out of such communications. Although we post this notice, ORCID does not undertake the responsibility to police third party uses of data. If you object to a third party use of your data, you should contact and make a complaint directly to the third party.
The Public Data File
In addition, annually, ORCID will release to the public a downloadable data file, the “Public Data File”, containing all Public data from ORCID Records created by individuals. The public will have free access to the data for viewing and use. ORCID releases the Public Data File under a CC0 1.0 Public Domain Dedication developed by Creative Commons, in which ORCID waives all copyright and related rights it owns in the Public Data File to the extent permitted by law. Accordingly, ORCID does not impose restrictions or conditions (including those contained in the Terms and Conditions of Use and the Membership Agreement) on use of the Public Data File, but it has posted recommended community norms for use. ORCID is sharing the Public Data File to ensure that all scholarly communication stakeholders, including organizations that are not Members of ORCID, have broad access to what we hope becomes a vital part of the scholarly communication infrastructure.
7.2 With our Vendors
We may share your information with agents or contractors (for example, a vendor may host ORCID’s servers, or an ORCID contractor may need to check Records for inconsistencies), but only on a “need to know” basis to help us operate ORCID, the Registry and the Websites, and only if the vendor agrees to maintain the confidentiality and security of your information and not to use it for other purposes. These companies are authorized to use your personally identifiable information only as necessary to provide these services to us.
ORCID’s Terms and Conditions of Use for the Registry bar the following re-uses of ORCID Data:
- Users of the Registry may not use the email addresses obtained from the Registry to send any marketing or other commercial communication to anyone, unless they give the person the right to opt-out of such communications.
- Users may not use any Record Data to send junk mail, spam, chain letters, pyramid schemes, or other similar communications.
Because the Public Data File is released under a CC0 Waiver, we cannot impose any restrictions on use; however we do suggest that people follow community norms in using the Public Data File as well. ORCID does not otherwise limit commercial use of Public Data by third parties or of Limited Access Data by entities to which you (or a Trusted Individual) gives access. You can block commercial re-use of any data by marking it Private and by controlling whom you grant permissions as a Trusted Organization.
7.4 Government Data Requests
If we are required by law, public safety or public policy, or we are served with a warrant, court order, or subpoena, we may provide your information, including Limited Access and Private data to regulators, enforcement agents, courts and/or other government entities. To protect the privacy interests of our users, ORCID will provide only such data as we deem necessary in the situation. To the extent allowed, we will promptly provide information about any government data requests received and accounts affected to the relevant Record Holders.
- Aggregated Data: We may share aggregated usage data with our Members or others in the research community or publish information based on aggregated usage data so Members and others can understand how the ORCID Registry is being used. We will only do so in a way that your personal identity is protected.
- Legal Reasons: We may provide your information if we need to defend against legal claims or in bankruptcy proceedings. We may also use and share your information, including Limited Access and Private data, to enforce our Terms and Conditions of Use and Membership Agreements (including investigation of potential violations). To the extent possible in the relevant situation, we will promptly provide information about any such disclosures to the relevant Record Holders.
8.0 Access, Review, Editing and Changing Data
You may review, delete, and edit information in your ORCID Record and change preferences. Please note that changes will be applied prospectively. For example, if you change a setting for visibility & sharing from Public (visible by everyone) to Private (visible by you), or Limited Access (visible by those you trust), there is no way to stop people who have previously viewed or downloaded the Public data from using it.
- You may review information about you and change your settings for visibility & sharing in your ORCID Record by logging into your ORCID Record. If you think that any information in your Record is wrong, we strive to give you ways to update it quickly or delete it, subject to legitimate business or legal purposes, including the Dispute Procedure outlined below in Transparency, Disputed Records and Removal of Data.
- You may not directly edit data provided by another source that you have given permission as a Trusted Party. However, you may change the item's visibility, delete the incorrect data, or make your own corrected version of data.
- You may choose to disable your ORCID Record in the Registry by deactivating the Account from the Account Settings page of your Record. In the event that an ORCID Record is disabled, we will maintain as Private your email address, so as not to assign the same identifier to another person and to allow you to re-claim your identifier in the future.
- You may make yourself “invisible” to the public by marking all fields other than the ORCID identifier Private.
- You may revoke Trusted Organization or Trusted Individual status at any time using the Account Settings page.
- You may update your password, email, and notifications preferences at any time using the Account Settings page.
- If you discover that you accidentally have more than one ORCID iD/Record, you may combine the Records.
In limited circumstances, ORCID may proactively correct data in a Record where errors are a result of system errors, changed standards specifications, or other obvious errors not caused by you or your trusted individuals or organizations. To ensure transparency of our processes, we will post information on our websites when we make record changes. See the Integrity page for more information.
9.0 Records of Deceased Persons
An ORCID Record of a person that was created before the person deceased is maintained as is, according to the following:
- Record data, settings for visibility & sharing, Trusted Individual, and Trusted Organization designations of the ORCID Record remain as set by the Record owner before being deceased.
- If the ORCID Record owner selected one or more Trusted Individuals, such persons may continue to manage the record as per the Record owner's wishes.
- Any current Trusted Organizations may still write/access the record according to the settings at the time before the person is deceased. However, Trusted Individuals (if they exist) may affect these settings as outlined previously.
- Posthumous publications may be added to the ORCID Record only if arrangements had been made prior to death (e.g., one or more Trusted Individuals were assigned who add the publication(s), and/or a Trusted Organization relationship had been made that would allow for the addition of the publication(s) without further action.)
- A person who has assumed management of the deceased Record Holder's email account may request that all email from ORCID to the researcher be turned off.
- No indication is made by ORCID to highlight Records of deceased persons, though Trusted Individuals, at their discretion, could use existing fields to provide this detail, if desired, for example, including such information in the biography field, or after the person’s name.
- If ORCID is contacted to remove or correct a Record for someone who is deceased, the requestor will be referred to the Record's Trusted Individual(s) (if any), or, if needed, the request will be handled according to ORCID’s established Dispute Procedure described in Section 10.
10.0 Transparency, Disputed Records, & Removal of Data
To ensure the transparency of the ORCID Registry, we keep an audit trail of when and by whom Registry information has been deposited or changed and any changes to settings for visibility & sharing. ORCID will use this information to assist you in addressing concerns about the provenance of data in the Registry and questions about identity ambiguity or theft. Upon request ORCID will provide you with information about whether we hold any of your personal information. If you have a concern about the accuracy of data in your ORCID Record or another ORCID Record or another ORCID Record, you may correct, update, amend, delete, or remove it by signing into your account and making the change, or by submitting a ticket to our Help Desk for assistance. If you have concerns about the accuracy of data in another ORCID Record, submit a ticket to our Help Desk. We will review your concerns in accordance with our Dispute Procedure and will respond to your request within a reasonable timeframe. ORCID reserves the right (but shall not be required) to remove or hide from the Registry and its servers any Record data that violates the privacy, publicity or other rights of any person, is the subject of a dispute, or for any other good cause, including without limitation, in any situation in which ORCID is advised by legal counsel that the retention or public availability of such data poses a legal risk to ORCID.
We will retain your information for as long as your Account is active, or as needed to provide you services, including reactivation. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
11.0 Information Security
We are committed to protecting the Registry and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of personal information in the ORCID Registry or which we otherwise hold. For example:
- We store information about you in a data center with restricted access, and we use a variety of technical security measures to secure your data. We also use secure socket layer (SSL) technology and intrusion detection and virus protection software.
- We periodically review our information collection, storage and processing practices, including physical security measures.
- We restrict access to information marked as Private (visible by you) to ORCID employees, contractors and agents who need to know that information to manage the ORCID Registry and process such data for us, and who are subject to confidentiality obligations.
- We restrict access to information marked as Limited Access (visible by those you trust) or which is otherwise not public to (i) Trusted Individuals, (ii) Trusted Organizations granted permissions by users, and (iii) ORCID employees, contractors, and agents with a need to know to manage data in the ORCID Registry and process such data for us, and who are subject to confidentiality obligations.
- All passwords and security question answers are protected by a salted hash, and are not visible by ORCID, its contractors or agents, or even you.
Despite these measures, we cannot guarantee that unauthorized persons will not be able to hack our system or otherwise defeat our security measures.
Your access to some of our services and content may be password protected. To maintain the security of your information (or information in another person’s ORCID Record that you are authorized to view), please keep your username(s) and password(s) strictly confidential and do not disclose them to anyone. We also recommend that you sign out of your Account at the end of each session. You may also wish to close your browser window when you have finished your work, especially if you share a computer with someone else or are using a computer in a public place. You will be solely responsible for any action, activities, and access to our Websites and Registry that were taken through your username and password, and that occurred before you notified us of their loss. More details can be found in our ORCID Trust Program. If you have any questions about security on our Websites, please contact us at http://orcid.org/help/contact-us.
12.0 International Data Transfer
As a nonprofit organization, we are not subject to the jurisdiction of the United State Federal Trade Commision, which oversees the implementation of the Privacy Shield program. Consequently, ORCID cannot self-certify compliance.
13.0 Enforcement and Arbitration; Governing Law
If the complaint or dispute cannot be resolved through our internal process, and ORCID does not adequately respond to your question, please contact our U.S. based third party dispute resolution provider as indicated in Section 2 – TRUSTe Certification.
If you are not able to resolve your concerns through ORCID’s internal mechanism or through our third party dispute resolutions provider, arbitration as set forth in this paragraph will be your final and exclusive recourse for dispute resolution. If arbitration is necessary, it will be conducted by telephone and email, and if it must be done in person, it will be conducted in New York, NY, and by using our Websites and/or Registry, you consent to such jurisdiction. The arbitration will be conducted by one arbitrator who is a member of the American Arbitration Association, and under the rules of commercial arbitration of the American Arbitration Association. Both parties will bear equally the cost of arbitration (exclusive of legal fees and expenses). All decisions of the arbitrator(s) will be final and binding on both parties and enforceable in any court of competent jurisdiction.
14.0 Children's Privacy
ORCID provides general audience Websites and does not offer services directed to children. Should a child whom we know to be under 13 send personal information to us, we will delete that information immediately. Parents may also contact us through our Contact Us form to request removal of any personal information about a minor.
15.0 Single Sign On
You may log in to our site using sign-in services from providers such as Facebook, Google, or your employer/university. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our signin form.
Our Websites offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at http://orcid.org/help/contact-us. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. Alternatively, if you used a third-party application to post such information, you can remove it, by either logging into the said application and removing the information or by contacting the appropriate third party application.
17.0 Changes to this Policy
18.0 Questions or Concerns