LabArchives® Privacy

LAST UPDATED: October 12, 2021

At LabArchives, the security of all data is paramount. Whether it be any personal information you provide or the data you choose to store within LabArchives applications, we know that you care how it is handled. We go to great lengths to ensure that all data is secure and appreciate your trust in us to do that carefully and sensibly.

This privacy policy pertains to any data provided to us while using LabArchives websites, services, or applications and within any communications to LabArchives such as email, fax and mail.

This privacy policy does not apply completely to any data that is processed, stored, or hosted by outside vendors that LabArchives utilizes for company business processes or for special integrations with our applications used by our users. In such cases, these vendors share the responsibility of securing the data involved and have their own privacy policies. Rest assured that LabArchives does heavily scrutinize any relationships it makes with 3rd parties and requires that they too handle any data and communications securely.

This privacy policy also does not apply to any LabArchives services that do not provide links to this policy or that have their own privacy statements.

What information do we collect?

When you interact with LabArchives services, you may provide us with many types of information including:

  • Personally identifiable information and other information that you knowingly choose to disclose, which is collected on an individual basis
  • Information that may or may not include personally identifiable information that you choose to store within LabArchives services
  • General usage and statistical information which is collected on an aggregate basis as you use LabArchives services

In some cases, if you choose not to provide us with required information for the services you want to use, you may not be able to access or utilize those services. Further details are provided below.

How and why does LabArchives collect information?

Use of LabArchives Applications

The security of data stored in the LabArchives application is a shared responsibility between LabArchives LLC (the processor of such data) and the application’s users (the controller of such data).

LabArchives LLC does configure and secure its infrastructure (firewalls, servers, storage, databases, networks, etc.). The underlying technology and mechanisms to setup, manage and secure LabArchives infrastructure is provided by Amazon Web Services (AWS) who have their own privacy policy here. LabArchives develops and secures the LabArchives web, mobile, plugin and special utility applications that run on top of the infrastructure using secure coding and testing practices. LabArchives protects data in LabArchives applications by encrypting it at rest and transmitting it over HTTPS. No other corporate systems such as corporate email, file servers, data/contact management systems, financial systems, HR systems, etc. reside on the same network as the systems that store LabArchives product (ELN, Inventory, Scheduler) data and no portable storage devices are used to store any data at any time.

Further, LabArchives staff does not read, classify or share any data from any of our products. LabArchives staff, by default, has no administrative privileges to grant or remove any access rights to/from any user’s account through the LabArchives applications.

To create an account to access LabArchives and store data within the products, LabArchives does need to collect and securely retain some personally identifiable and other information to complete that process. This may include, but is not limited to, an email address, name, organizational affiliations, etc. Settings in the LabArchives applications allow each user to change any of the personally identifiable information related to their account that is stored in the application at any time, unless restricted by institution settings in the case of access is via an institutional enterprise license. LabArchives does send emails that are transactional in nature related to a user account based on the user’s actions such as account activation, password reset, share/comment notifications, etc.

See below for information on how specific LabArchives products collect information.

Additionally, if applicable, LabArchives users that are site administrators for an organization have further control over their organization’s user accounts and data, access to user activities/details and the ability to control what application options are available to their users.

Requests for Product Information or Support

If you request product information or support from LabArchives, we do need to collect some personally identifiable and other information to complete the request you are making. This may include, but is not limited to, an email address, name, contact numbers, organizational affiliations, etc.

We do securely retain this information in applicable systems provided to us by 3rd parties such as email and communication systems, contact management systems, technical support systems and other systems.

Cookies

Cookies are used by LabArchives applications and other LabArchives web services that provide product, support and other information. Cookies are small pieces of data that are stored by a user’s web browser on the user’s hard drive. Cookies are a feature of web browser software that allows web servers to recognize the computer used to access a website.

The LabArchives applications use “session-based” cookies which are allotted to your computer for the duration of your LabArchives session. These session cookies are deleted when you close down your browser. LabArchives applications may also use non-session cookies for functionality such as storing last search criteria and personalized displays, and such non-session cookies may be maintained for up to 30 days.

Other LabArchives web services use cookies to provide functionality and collect information about how our websites are used.

You can, of course, disable cookies on the device you are using to access our services by changing settings on your browser. However, if you choose to do this, you may be restricted from using some LabArchives services and you may receive errors/warnings about your cookie settings.

Network and Systems Logs

When anyone accesses LabArchives services, any systems, networks and security devices involved in the process automatically log details about the access that include information that may be personally identifiable such as the date/time, IP, process requested, process statistics, browser/OS details, etc.

These logs are also used for many other legitimate business reasons by LabArchives LLC including, but not limited to, providing various usage reports, monitoring for traffic/load/malicious patterns in order to maintain services, etc.

These logs are securely retained and do not contain any data from LabArchives products nor are they shared with any 3rd parties unaffiliated with LabArchives.

Application Activity Logging

For auditing and administrative purposes, LabArchives applications log various user actions along with user account information, IP, date/time and other details. The types of actions logged include, but are not limited to, successful/unsuccessful logins, adding data, editing data, generating output, viewing information or data shared with you, turning on/off functionality, etc. This activity logging may be used for reporting to account owners, users and administrators what actions have been performed within specific products or in the system by its users. This logging or history is available to users with access to such information, site administrators and LabArchives staff.

These application activity logs are also used for systems management, trouble-shooting and other legitimate business reasons by LabArchives LLC including, but not limited to, providing various usage reports, monitoring for traffic/load/malicious patterns related to application functionality, security, etc.

These activity logs are securely retained and do not contain any user data which is stored in any of the products nor are they shared with any unaffiliated third party other than in aggregate.

Other Traffic and Performance Analytics

For the purposes of maintaining service reliability, performance levels, monitoring for malicious patterns, better understanding usage of our services and improving overall user experience, LabArchives tracks various systems analytics such as server statistics, response times, request types, error rates, heavily used links, source IPs, geographic locations, etc.

These analytics are securely retained and do not contain any LabArchives data nor are they shared with any unaffiliated third party.

Our website and service uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and web page usage. You may choose to opt-out of Google Analytics data collection by activating the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout?hl=en.

Credit Card Information

To provide secure credit card processing when ordering from us, orders placed online with us are handled and secured by a payment system managed by 3rd parties which operate under their own privacy policies. If you choose to purchase or license LabArchives services online using a credit card, credit card details and other information is sent securely to a 3rd party for processing. LabArchives does not store your credit card information, but may store the status and payment amounts of a transaction.

INFORMATION COLLECTION AND USE BY LABARCHIVES PRODUCTS

LabArchives ELN

Users create and use notebooks and then upload, organize and share data in notebooks by choice. User accounts with administrative privileges are solely responsible for granting any notebook data access to other users through various methods available in the applications and services provided by LabArchives. This may involve a user providing the personally identifiable information of another person such as their email and name in order to share access to notebook data. LabArchives cannot control how any user might abuse any administrative access they have to data by granting access to any users that should not have access. In addition, LabArchives cannot prevent a user from performing actions with data that is beyond what LabArchives application security can control such as, but not limited to, sharing any data through downloads/screenshots/printing, sharing accounts or credentials with others, insecurely using any system or network while accessing data in LabArchives, etc. All ELN data, backups, authentication processes and application logging are stored or performed in the geographic regions of the United States, Europe or Australia depending on your ELN subscription and/or the URL used for access. Data and backups can be replicated within the same geographic region for high availability and disaster recovery purposes. Regardless of where the data is stored and replicated, LabArchives cannot control or limit the geographical locations from which users may access or view their data through a browser. Additionally, any communications from users by email, web services or other means for support or sales information will travel to and reside in the United States where customer service and email systems for LabArchives exist.

LabArchives Inventory

Users set up their lab’s inventory and then upload and organize data. User accounts with administrative privileges are solely responsible for granting access to an inventory through user management features. This may involve a user providing the personally identifiable information of another person such as their email in order to provide access to an inventory. LabArchives cannot control how any user might abuse any administrative access they have to data by granting access to any users that should not have access. In addition, LabArchives cannot prevent a user from performing actions with data that is beyond what LabArchives application security can control such as, but not limited to, sharing any data through downloads/screenshots/printing, sharing accounts or credentials with others, insecurely using any system or network while accessing data in LabArchives, etc. All Inventory data, backups, authentication processes and application logging are stored or performed in the geographic regions of the United States, Europe or Australia depending on your Inventory subscription and/or the URL used for access. Data and backups can be replicated within the same geographic region for high availability and disaster recovery purposes. Regardless of where the data is stored and replicated, LabArchives cannot control or limit the geographical locations from which users may access or view their data through a browser. Additionally, any communications from users by email, web services or other means for support or sales information will travel to and reside in the United States where customer service and email systems for LabArchives exist.

LabArchives Scheduler

Users of Scheduler set up schedules, locations, calendars and resources along with various administrative and user groups as a means to allow users to schedule the use of an institution’s resources such as equipment or meeting rooms. Users with administrative privileges can create additional administrative groups and these administrators have the ability to grant access and confer rights to system users. Administrators also add data about resources and schedules unique to the institution. LabArchives cannot control how any user might abuse any administrative access they have to data by granting access to any users that should not have access. In addition, LabArchives cannot prevent a user from performing actions with data that is beyond what LabArchives application security can control such as, but not limited to, sharing any data through downloads/screenshots/printing, sharing accounts or credentials with others, insecurely using any system or network while accessing data in LabArchives, etc. All Scheduler data, backups and application logging are stored in the United States. Data and backups can be replicated within the United States for high availability or disaster recovery purposes. Authentication storage and processing can occur in any of the geographical regions of the United States, Europe or Australia depending on any pre-existing LabArchives accounts for the user, user’s institutional affiliation, or user’s choice of region in lieu of other determining factors. Regardless of where the data is stored and replicated, LabArchives cannot control or limit the geographical locations from which users may access or view their data through a browser. Additionally, any communications from users by email, web services or other means for support or sales information will travel to and reside in the United States where customer service and email systems for LabArchives exist.

HOW WOULD LABARCHIVES SHARE ANY INFORMATION COLLECTED?

LabArchives shares information with your consent or to provide any services that you have requested or authorized. LabArchives may, from time to time, send you information about other LabArchives products and/or services that we think you may find to be of interest if you have consented to receive such information. LabArchives does not share any end-user information with any affiliates. If you wish to change the types of communications you receive from us by email, you may do so by contacting privacy@labarchives.com, or by clicking on the unsubscribe link in these types of communications.

At times, we may employ other companies and individuals to perform functions on our behalf that involve your personally identifiable information. Our employees, agents and contractors who have access to personally identifiable information are required to protect the information in a manner that is consistent with this privacy policy.

We may provide access to any personally identifiable information and/or data in the event an external agency makes a legitimate, verified legal request to access it. This would include requests resulting from, but not limited to, the receipt of a court order, warrant, subpoena or other legal process. In such cases, the owners and/or administrators of the information or data being requested would be notified unless such notification is prohibited by law, is counterproductive or when extreme circumstances exist that involve danger of death or serious injury to anyone. When possible, external agencies would be provided access to a secondary copy of any data so that the original LabArchives data remains intact.

HOW DOES LABARCHIVES HANDLE DATA FROM THE EEA?

Additional privacy and other rights apply in the event any data comes to LabArchives LLC from the European Economic Area (“EEA”). The EEA is comprised of all European Union countries plus Norway, Iceland and Liechtenstein. Additional rights are provided by the General Data Protection Regulation (“GDPR”) which may apply to the “processor” and/or “controller” of any data from the EEA.

For the LabArchives applications which are used by users and organizations by choice to create accounts and store, organize and share data, LabArchives is the “processor” of the data while the users and organizations they are part of are the “controllers” of the data.

In the case of other systems used by LabArchives for legitimate business processes, LabArchives is the “controller” of the data while any 3rd party provider of these services is the “processor” of the data. These systems include, but are not limited to, email and communication systems, contact management systems, product support systems, business information systems, accounting systems, etc. It should be noted that these systems also are provided by vendors that store the data they process in the United States. With that, if you communicate with us, ask for support, ask for product information or purchase a product, then data from such actions does leave the EEA and travel to the United States. However, no data stored in LabArchives applications, other than data shared with LabArchives for the support of our products, requests for product information, or to purchase / subscribe to a LabArchives product, leaves the region it originates in, United States, EU or Australia. Users and system administrators can select which region they use to store data. LabArchives supports three regions (US, EU, and Australia) for various products. Details for each product, including where the user data is stored for each product, can be found in our Knowledgebase.

As mentioned, the GDPR provides added rights and privileges that the controllers and/or processors must perform for data that is from the EEA. These include, but are not limited to, notifications of any breaches of security, rights to have the data controller provide information on whether their personal information is being processed, rights to have the data controller erase any personal information that is being processed, rights to have the data controller fix any incorrect personal information and rights to get any of their personal data in a machine readable format from the controller. The official details on GDPR can be found here.

VeraSafe has been appointed as LabArchives’ representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to privacy@labarchives.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd.

Unit 3D North Point House

North Point Business Park

New Mallow Road

Cork T23AT2P

Ireland

HOW DOES LABARCHIVES HANDLE DATA FROM CALIFORNIA RESIDENTS?

Under California law, specific disclosures are required and California residents have additional rights regarding their personal information. Please review this section to learn more.

Your California Consumer Privacy Act of 2018 (CCPA) Rights

Categories of Personal Information We Collect

The California Consumer Privacy Act of 2018, as amended from time to time (“CCPA”) requires specific disclosures for each category of personal information that we collect. The table below summarizes our general data handling practices which are more fully described in this Privacy Notice.

Category of Personal InformationCategories of Sources From Which Personal Information Was CollectedBusiness or Commercial Purpose for Collecting and Sharing the Category of Personal InformationCategories of Third Parties and Other Entities We Share Personal Information With

Identifiers (§1798.140 (o)(1)(A) and (B))which include elements such as: (i) contact information (e.g., name, mailing address, email address, phone number); and (ii) online identifiers

(e.g., Internet protocol (IP) address, account numbers, device identifiers such as mobile advertising IDs)

Directly from you

From your company or institution

From third-party data suppliers

To provide you with and to improve the LabArchives Services

To communicate with you

For advertising and marketing purposes for us

To protect our or others’ rights

With affiliates and subsidiaries

With service providers

With government authorities as required by law or as necessary to protect our rights

Demographics (§1798.140 (o)(1)(C)) which include elements such as age and gender

We do not collect or process this data

We do not collect or process this data

We do not collect or process this data

Personal Information under subdivision (e) of Section 1798.80 of the California Civil Code (§1798.140 (o)(1)(B)) which includes payment information

(e.g., payment card number, expiration date and billing information)

Directly from you

From your company or institution

To provide you with and to improve the LabArchives Services

To protect our or others’ rights

With affiliates and subsidiaries

With service providers

With government authorities as required by law or as necessary to protect our rights

Commercial Information (§1798.140 (o)(1)(D)) which includes elements such as transactional information

(e.g., activity, subscriptions, requests, purchases, items in your cart but not completed purchases)

Directly from you

From your company or institution

To provide you with and to improve the LabArchives Services

To protect our or others’ rights

To communicate with you

For advertising and marketing purposes for us

To protect our or others’ rights

With affiliates and subsidiaries

With service providers

With government authorities as required by law or as necessary to protect our rights

Internet or other electronic network activity (§1798.140 (o)(1)(F)) which includes elements such as information about how you use, access, or interact with the LabArchives Services such as information about your device, browser or operating system

From usage information within our system

From cookies and similar technologies

To provide you with and to improve the LabArchives Services

To communicate with you

For advertising and marketing purposes for us

For advertising and marketing purposes for us

To protect our or others’ rights

With affiliates and subsidiaries

With service providers

With government authorities as required by law or as necessary to protect our rights

Geolocation Data (§1798.140 (o)(1)(G)) which includes elements such as location information

(e.g., city and state, we do not collect precise location)

Directly from you

To provide you with and to improve the LabArchives Services

To communicate with you

For advertising and marketing purposes for us

To protect our or others’ rights

With affiliates and subsidiaries

With service providers

With government authorities as required by law or as necessary to protect our rights

Audio, Electronic, Visual, Thermal, Olfactory or Similar Information (§1798.140 (o)(1)(H)) which includes elements such as recordings of your calls with our call center

Directly from you

To provide you with and to improve the LabArchives Services

To communicate with you

To protect our or others’ rights

With affiliates and subsidiaries

With service providers

Professional or Employment-Related Information (§1798.140 (o)(1)(I)) which includes elements such as your professional email address, phone number or other contact information if you have used such professional or employment related personal information to register for an account or to receive communications

Directly from you

From your company or institution

From third-party data suppliers

From social media platforms and similar services

To provide you with and to improve the LabArchives Services

To communicate with you

For advertising and marketing purposes for us

To protect our or others’ rights

With affiliates and subsidiaries

With service providers

With government authorities as required by law or as necessary to protect our rights

Inferences (§1798.140 (o)(1)(K)) which include elements such as inferences regarding your preferences or other characteristics

(e.g., cooking enthusiast, travel, food and dining)

We do not collect or process this data

We do not collect or process this data

We do not collect or process this data

Residents of California may have the following rights:

  1. Right to know and access your personal information. Under CCPA, you have the right to:
    • Know the categories of personal information we collect and the categories of sources from which we got the information;
    • Know the business or commercial purposes for which we collect and share personal information;
    • Know the categories of third parties and other entities with whom we share personal information; and
    • Access the specific pieces of personal information we have collected about you. To do so, please email privacy@labarchives.com and include your name, email address, phone number, California postal address as well the name of your associated business or institution.
  2. Right to deletion. In some circumstances, you may ask us to delete your personal information. To do so, please email privacy@labarchives.com and include your name, email address, phone number, California postal address as well as the name of your associated business or institution.
  3. Right to opt-out. We do not sell the personal information of our employees, prospects or customers. However, based on the specific definitions within CCPA we may engage with third parties in ways that may constitute a “sale” under CCPA. You may request that we not “sell” your personal information on a going-forward basis. To do so, please email privacy@labarchives.com and include your name, email address, phone number, California postal address as well as the name of your associated business or institution.

If you reengage with LabArchives after opting out of the “sale” of your personal information, such as by buying a new product or service or signing up for a newsletter, you acknowledge that your personal information may be used and shared in accordance with this Privacy Notice, including in ways that may constitute a “sale” under CCPA.

  1. Right to be free from discrimination. You may exercise any of the above rights without fear of being discriminated against. We are permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.

We use the information you provide to make your CCPA rights requests to verify your identity, locate the personal information we may hold about you and act upon your request. We strongly recommend that you submit the email address that you used when you created accounts, bought LabArchives Services or signed up for a newsletter. After you submit a CCPA rights request via email, you will be required to verify access to the email address you submitted. You will receive an email with a follow-up link to complete your email verification process. You are required to verify your email in order for us to proceed with your CCPA rights requests. Please check your spam or junk folder in case you can’t see the verification email in your inbox. If you are a California resident and have any questions regarding your CCPA rights under this Privacy Notice, please contact us at privacy@labarchives.com.

Authorized Agents

For any of the CCPA rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide information sufficient for us to verify the identity of your agent and that your agent has been properly authorized to act on your behalf; this may take additional time to fulfil your request. If you are an authorized agent working on behalf of a consumer, you will need to fill out the relevant CCPA request form listed above on behalf of the consumer with the consumer’s information. Please note that the consumer you are working on behalf of must have a California postal address and will need to verify access to the email account used to submit the CCPA request in order for us to move forward with processing the request.

Minors

We do not knowingly collect or disclose personal information of minors under the age of 16, without affirmative authorization.

Your Shine the Light California Rights (CA Civil Code § 1798.83)

You may also have the right to request a list of third parties to which certain personal information (as defined by California Civil Code § 1798.83) obtained through a LabArchives Service was disclosed by LabArchives during the preceding year for those third parties’ direct marketing purposes. If you are a California resident and want such a list, please contact us at LabArchives, 251 N. City Drive, Suite 128F, San Marcos, California, 92078. For such a request, you must put the statement “Your California Privacy Rights” in the body of your request, as well as your name, street address, city, state, and zip code. In your request, you need to attest to the fact that you are a California resident and provide a current California address for our response. Please note that we will not accept requests via telephone, email, or by facsimile.

HOW TO GET MORE DETAILS OR HELP WITH THE LABARCHIVES PRIVACY POLICY?

If you need further information about our privacy policy or want to take advantage of rights you may have that are described in this policy, please contact us at privacy@labarchives.com.

Get started with LabArchives today

Start for free and upgrade as your team grows