The Alliance and the University of Alberta respect the privacy of individuals and will only collect, use, and disclose Personal Information in keeping with information access and privacy law.Definitions
Administrator (Admin): A User of the Service with administrative permissions to edit basic organizational information, implement local customization and guidance, view usage statistics, and manage templates, plans, and users at their institution.
Content : Data submitted to the Service by Users and Admin, including information entered as part of Plans, Templates, and Profiles (User and Organization).
Data Management Plan (DMP; Plan): A formal document that details the strategies and tools to be implemented to effectively manage data both during a research project and after its completion. Users create Plans using the Service by choosing a DMP Template and answering questions, supported by Guidance and examples.
DMP Assistant: DMP Assistant is a bilingual, web-based tool for preparing data management plans (DMPs). The tool follows international best practices in data stewardship and guides researchers step-by-step through key data management questions. DMP Assistant (the Service) is powered by an open source application called DMPonline, which is developed by the Digital Curation Centre (DCC) and shared under an AGPL license.
DMP Template (Template): A series of key data management questions organized into sections and phases to be answered by the User in order to create a Plan.
Personal Information (PI): Personal information is any recorded information that identifies an individual.
Sensitive Data: Information that must be safeguarded against unwarranted access or disclosure, including but not limited to: Personal Information (PI); Personal Health Information (PHI); Educational records; Customer records; Criminal information; Geographic information (e.g., detailed locations of endangered species); Confidential personnel information; Information that is deemed confidential, information entrusted to a person, organization, or entity with the intent that it be kept private and access be controlled or restricted; Information that is protected by institutional policy from unauthorized access. Includes any information related to an identified or identifiable natural person, organization or entity.
Service: The DMP Assistant website (the Site), dmp-pgd.ca / dmp-pgd.ca/?locale=fr_CA, and the services available on or at the Site (taken together, the Service), offered under partnership between the Digital Research Alliance of Canada (the Alliance) and host institution the University of Alberta Library (taken together, the Service Providers).
Service Providers : The legal entities responsible for offering the Service, being the Digital Research Alliance of Canada (the Alliance) and the University of Alberta Library (taken together, the Service Providers).
Service Support : Staff member(s) employed by the Service Providers to provide support for Service Users, answer User queries and work to resolve User issues.
User : An individual who makes use of the Service by creating, sharing and downloading Plans, and otherwise adds Content. Users include Admin Users (see above definition for Administrator).1.0 Collection of Personal Information
In keeping with information access and privacy law, the Service Providers will only collect Personal Information for the purpose of providing the Service to Users.
1.1 Users are required to create an account with DMP Assistant to make use of the Service. In order to create an account, the DMP Assistant collects Personal Information including name, an affiliated institution, and an email address.
1.3 For all visitors to the Site, administrative information is collected—such as pages viewed on the site, page access times, browser type, version and language, location, and operating system.2.0 Use of Personal Information
In keeping with information access and privacy law, the Service Providers will only use Personal Information for the purpose of providing the Service to Users. The Service Providers process Personal Information in order to deliver and improve the Service in a customized manner and to ensure each User receives relevant information.
2.1 Personal Information collected will be used for the following purposes:
2.2 For all visitors to the Site, administrative information collected will be used:
2.3 Internally, only staff with a direct use for the data will have access to Personal Information collected.3.0 Disclosure of Personal Information
In keeping with information access and privacy law, the Service Providers will only disclose Personal Information as required by law, or with the express written consent of the individual whom the information is about.
3.1 Personal Information collected via DMP Assistant account creation will be disclosed to the Service Providers for the purposes of this Service.
3.2 Comments of Users, regarding Content, provided to Service Support will be shared with the Service Providers.
3.3 The Service Providers will not sell, rent or trade Personal Information or mailing lists.
3.4 The information may be transferred between the Service Providers' partner institutions but only for legitimate internal purposes.
3.5 Administrative information and usage data will only be disclosed externally in a de-identifiable aggregate format.
3.6 Disclosure of Personal Information contained in Content:
3.6.1 In general, DMPs should not contain research data and/or sensitive information (such as personally identifiable information, detailed geographic data, or data otherwise subject to disclosure restrictions). In some cases, it may be reasonable or necessary to include information which could be considered sensitive (e.g. the name of a data source, such as a research hospital) in a DMP. Users are responsible for consulting with the appropriate regulators, guidance, policies and laws to ensure that their use of sensitive and/or identifiable information is appropriate and in accordance with relevant laws and regulations. Users should only include potentially sensitive information in DMPs if necessary. Users may consider creating public and private versions of their DMP in cases where a version of the DMP must be made public and sensitive information must be included in the DMP.
3.6.3 The Service Providers will endeavour to honour the disclosure/non-disclosure requests of Users, subject to applicable laws including information and privacy law.4.0 Storage of Personal Information
The Service Providers will store Personal Information securely in keeping with accepted records management processes.
4.1 Server storage of Personal information
4.1.1 Personal Information collected by the Service Providers will be stored on secure servers located in Alberta, Canada.
4.2 Personal Information collected or used will be held securely and confidentially by the Service Providers.
4.3 Personal information collected or used will be held for as long as the User continues to use the Service.
4.4 Personal Information collected will be administered under the records management protocol of the DMP Assistant.
4.5 If it is discovered that Personal Information was received in error by the Service Providers, it will be securely destroyed after the User has been advised of the error.5.0 Security of Personal Information
The Service Providers will ensure that appropriate security is applied to Personal Information collected, used, stored, or disclosed as part of this Service.
The security of Personal Information will be administered in keeping with the DMP Assistant Information Security Policy.6.0 Privacy Breach Protocol
6.1 The Service Providers will maintain a Privacy Breach Protocol to address the management and mitigation of the breach.
6.2 The Privacy Breach Protocol will be reviewed every two years, or as required.
6.3 In the event of a privacy breach (unauthorized access to, or collection, use, or disclosure of Personal Information) authorized persons at Alliance and the University of Alberta will follow the Privacy Breach Protocol to assess and contain the breach about the relevant details and mitigation of the breach.
6.4 Security breaches are addressed in the DMP Assistant Information Security Policy.
6.6 Where reasonable, and in a timely manner, any persons impacted by a privacy breach will be advised by the Service Providers. Where large numbers of users may be impacted by a privacy breach, notification will be provided on the Site.7.0 Access, Correction, or Removal of Personal Information
7.1 By written request, individuals have the right to request access to Personal Information about themselves that is in the custody of, or under the control of, the Service Providers.
7.2 Individuals may request, in writing, the correction of, or changes to, Personal Information about themselves that is in the custody of, or under the control of, the Service Providers.
7.2.1 Should a requested correction or change not be made to the Personal Information, a copy of the request plus the reason for not granting the request will become part of the administrative record.
7.3 Submitters may request, in writing, to have their Personal Information removed from the system administered by the Service Providers within a period of 30 days.
7.3.1 Should the requested deletion of the Personal Information not be done, a copy of the request plus the reason for not granting the request will become part of the administrative record.
The Service Providers reserve the right to suspend use by any party (User) if that party engages in, or is suspected of engaging in, activities that violate applicable information access and privacy laws.