The following Privacy Policy applies to the DMP Assistant website (the Site), assistant.portagenetwork.ca / assistant.portagenetwork.ca/?locale=fr_CA, and the services available on or at the Site (taken together, the Service). The Service is supported by the Digital Research Alliance of Canada (the Alliance) and the University of Alberta Library (taken together, the Service Providers).

Privacy Statement

The Alliance and the University of Alberta respect the privacy of individuals and will only collect, use, and disclose Personal Information in keeping with information access and privacy law.

Definitions

Administrator (Admin): A User of the Service with administrative permissions to edit basic organizational information, implement local customization and guidance, view usage statistics, and manage templates, plans, and users at their institution.

Content : Data submitted to the Service by Users and Admin, including information entered as part of Plans, Templates, and Profiles (User and Organization).

Data Management Plan (DMP; Plan): A formal document that details the strategies and tools to be implemented to effectively manage data both during a research project and after its completion. Users create Plans using the Service by choosing a DMP Template and answering questions, supported by Guidance and examples.

DMP Assistant: DMP Assistant is a bilingual, web-based tool for preparing data management plans (DMPs). The tool follows international best practices in data stewardship and guides researchers step-by-step through key data management questions. DMP Assistant (the Service) is powered by an open source application called DMPonline, which is developed by the Digital Curation Centre (DCC) and shared under an AGPL license.

DMP Template (Template): A series of key data management questions organized into sections and phases to be answered by the User in order to create a Plan.

Personal Information (PI): Personal information is any recorded information that identifies an individual.

Sensitive Data: Information that must be safeguarded against unwarranted access or disclosure, including but not limited to: Personal Information (PI); Personal Health Information (PHI); Educational records; Customer records; Criminal information; Geographic information (e.g., detailed locations of endangered species); Confidential personnel information; Information that is deemed confidential, information entrusted to a person, organization, or entity with the intent that it be kept private and access be controlled or restricted; Information that is protected by institutional policy from unauthorized access. Includes any information related to an identified or identifiable natural person, organization or entity.

Service: The DMP Assistant website (the Site), assistant.portagenetwork.ca / assistant.portagenetwork.ca/?locale=fr_CA, and the services available on or at the Site (taken together, the Service), offered under partnership between the Digital Research Alliance of Canada (the Alliance) and host institution the University of Alberta Library (taken together, the Service Providers).

Service Providers : The legal entities responsible for offering the Service, being the Digital Research Alliance of Canada (the Alliance) and the University of Alberta Library (taken together, the Service Providers).

Service Support : Staff member(s) employed by the Service Providers to provide support for Service Users, answer User queries and work to resolve User issues.

Site : DMP Assistant website (the Site), assistant.portagenetwork.ca / assistant.portagenetwork.ca/?locale=fr_CA.

User : An individual who makes use of the Service by creating, sharing and downloading Plans, and otherwise adds Content. Users include Admin Users (see above definition for Administrator).

1.0 Collection of Personal Information

In keeping with information access and privacy law, the Service Providers will only collect Personal Information for the purpose of providing the Service to Users.

1.1 Users are required to create an account with DMP Assistant to make use of the Service. In order to create an account, the DMP Assistant collects Personal Information including name, an affiliated institution, and an email address.

1.2 For security and version control purposes, DMP Assistant records the User's last login time, as well as information on when responses were saved and by whom. No other session information is stored nor is clickstream data tracked or retained in the DMP Assistant. The web hosting service (provided by University of Alberta) does collect clickstream data, but this information is captured anonymously and cannot be linked to a specific user (See the University of Alberta Privacy Policy). IP addresses and location data of Users of the system may be collected in order to provide the Service to Users. Opinions of Users are collected (via web-based feedback option) on a voluntary basis.

1.3 For all visitors to the Site, administrative information is collected—such as pages viewed on the site, page access times, browser type, version and language, location, and operating system.

2.0 Use of Personal Information

In keeping with information access and privacy law, the Service Providers will only use Personal Information for the purpose of providing the Service to Users. The Service Providers process Personal Information in order to deliver and improve the Service in a customized manner and to ensure each User receives relevant information.

2.1 Personal Information collected will be used for the following purposes:

• provision of access to DMP Assistant
• communication with Users to obtain feedback on use of the tool or to inform them of the latest developments or releases, or changes to this Policy or the Terms of Use
• administration of voluntary feedback received from Users
• personalisation of user experience (e.g. provision of relevant templates and guidance for associated organizations)
• network and information security

2.2 For all visitors to the Site, administrative information collected will be used:

• for internal administrative use
• for aggregation into de-identified statistics for reporting purposes
• as required by law.

2.3 Internally, only staff with a direct use for the data will have access to Personal Information collected.

3.0 Disclosure of Personal Information

In keeping with information access and privacy law, the Service Providers will only disclose Personal Information as required by law, or with the express written consent of the individual whom the information is about.

3.1 Personal Information collected via DMP Assistant account creation will be disclosed to the Service Providers for the purposes of this Service.

3.2 Comments of Users, regarding Content, provided to Service Support will be shared with the Service Providers.

3.3 The Service Providers will not sell, rent or trade Personal Information or mailing lists.

3.4 The information may be transferred between the Service Providers' partner institutions but only for legitimate internal purposes.

3.5 Administrative information and usage data will only be disclosed externally in a de-identifiable aggregate format.

3.6 Disclosure of Personal Information contained in Content:

3.6.1 In general, DMPs should not contain research data and/or sensitive information (such as personally identifiable information, detailed geographic data, or data otherwise subject to disclosure restrictions). In some cases, it may be reasonable or necessary to include information which could be considered sensitive (e.g. the name of a data source, such as a research hospital) in a DMP. Users are responsible for consulting with the appropriate regulators, guidance, policies and laws to ensure that their use of sensitive and/or identifiable information is appropriate and in accordance with relevant laws and regulations. Users should only include potentially sensitive information in DMPs if necessary. Users may consider creating public and private versions of their DMP in cases where a version of the DMP must be made public and sensitive information must be included in the DMP.

3.6.2 It is the responsibility of Users to ensure that proper authority or consent has been obtained should submitted Consent include Personal Information or information which is otherwise sensitive. The Service Providers retain the right to request documentation concerning privacy, including research ethics approvals, Privacy Impact Assessments (PIA), or other documentation relating to regulation or approval of the disclosure of information in any instance where a privacy breach or violation of the Terms of Use is known or suspected. Users are responsible for complying with any obligations they may have through institutional affiliations or by law.

3.6.3 The Service Providers will endeavour to honour the disclosure/non-disclosure requests of Users, subject to applicable laws including information and privacy law.

4.0 Storage of Personal Information

The Service Providers will store Personal Information securely in keeping with accepted records management processes.

4.1 Server storage of Personal information

4.1.1 Personal Information collected by the Service Providers will be stored on secure servers located in Alberta, Canada.

4.2 Personal Information collected or used will be held securely and confidentially by the Service Providers.

4.3 Personal information collected or used will be held for as long as the User continues to use the Service.

4.4 Personal Information collected will be administered under the records management protocol of the DMP Assistant.

4.5 If it is discovered that Personal Information was received in error by the Service Providers, it will be securely destroyed after the User has been advised of the error.

5.0 Security of Personal Information

The Service Providers will ensure that appropriate security is applied to Personal Information collected, used, stored, or disclosed as part of this Service.

The security of Personal Information will be administered in keeping with the DMP Assistant Information Security Policy.

6.0 Privacy Breach Protocol

6.1 The Service Providers will maintain a Privacy Breach Protocol to address the management and mitigation of the breach.

6.2 The Privacy Breach Protocol will be reviewed every two years, or as required.

6.3 In the event of a privacy breach (unauthorized access to, or collection, use, or disclosure of Personal Information) authorized persons at Alliance and the University of Alberta will follow the Privacy Breach Protocol to assess and contain the breach about the relevant details and mitigation of the breach.

6.4 Security breaches are addressed in the DMP Assistant Information Security Policy.

6.5 As regards references to privacy breaches in the DMP Assistant Information Security Policy, these references will be in compliance with this Privacy Policy and with the Privacy Breach Protocol.

6.6 Where reasonable, and in a timely manner, any persons impacted by a privacy breach will be advised by the Service Providers. Where large numbers of users may be impacted by a privacy breach, notification will be provided on the Site.

7.0 Access, Correction, or Removal of Personal Information

7.1 By written request, individuals have the right to request access to Personal Information about themselves that is in the custody of, or under the control of, the Service Providers.

7.2 Individuals may request, in writing, the correction of, or changes to, Personal Information about themselves that is in the custody of, or under the control of, the Service Providers.

7.2.1 Should a requested correction or change not be made to the Personal Information, a copy of the request plus the reason for not granting the request will become part of the administrative record.

7.3 Submitters may request, in writing, to have their Personal Information removed from the system administered by the Service Providers within a period of 30 days.

7.3.1 Should the requested deletion of the Personal Information not be done, a copy of the request plus the reason for not granting the request will become part of the administrative record.

7.4 Persons wishing to have Content containing Personal Information edited, amended, or removed from the Service should contact support@portagenetwork.ca.

8.0 Dissemination of Privacy Policy

8.1 This Privacy Policy shall be posted on the DMP Assistant Site.

8.2 This Privacy Policy shall be appended to the DMP Assistant Terms of Use Agreement.

8.3 This Privacy Policy will be reviewed every two years, or as required.

8.4 Notification of any changes to the collection, use, or disclosure of Personal Information, or changes to the Privacy Policy, will be posted on the DMP Assistant Site.

Contact Us

Should you have any questions or concerns about the collection, use, or disclosure of Personal Information as regards the DMP Assistant, or about this Privacy Policy please contact us at support@portagenetwork.ca.

The Service Providers reserve the right to suspend use by any party (User) if that party engages in, or is suspected of engaging in, activities that violate applicable information access and privacy laws.