​​​​​​​
​​​​​​
BISTI Privacy Policy​
 

Protecting your privacy is very important to us. Our Web site links to other National Institutes of Health (NIH) sites, federal agency sites and occasionally, to private organizations. Once you leave the primary NIH.gov site, you are subject to the privacy policy for the site(s) you are visiting. We do not collect any personally identifiable information (PII) about you during your visit to NIH Web sites unless you choose to provide it to us. We do, however, collect some data about your visit to our Web site to help us better understand how the public uses the site and how to make it more helpful. We collect information from visitors who read, browse, and/or download information from our Web site. NIH never collects information for commercial marketing or any purpose unrelated to the NIH mission and goals.

When visitors send email messages containing personal information to the general NIH.gov email box NIHinfo@od.nih.gov, NIH staff responds to the letters and files them. Only designated staff members requiring access to the emails to respond, may view, or answer them.

Types of Information Collected

 

When you browse through any Web site, certain information about your visit can be collected. We automatically collect and temporarily store the following type of information about your visit:

  • Domain from which you access the Internet;
  •  
  • IP address (an IP address is a number that is automatically assigned to a computer when surfing the Web);
  •  
  • Operating system and information about the browser used when visiting the site;
  •  
  • Date and time of your visit;
  •  
  • Pages you visited;
  •  
  • Address of the Web site that connected you to an NIH Web site (such as google.com or bing.com); and,
  •  
  • Demographic and interest data.

We use this information to measure the number of visitors to our site and its various sections and to help make our site more useful to visitors. This information cannot be used to identify you as an individual. 


How NIH Collects Information

 

NIH.gov uses Google Analytics to collect the information in the bulleted list in the Types of Information Collected section above. Google Analytics gathers information automatically and continuously. No Personally Identifiable Information (PII) is collected. NIH staff conducts analyses and reports on the aggregated data from Google Analytics and those reports are only available to NIH.gov managers, members of the NIH.gov communications and web teams, and other designated staff who require this information to perform their duties.

Additionally, NIH.gov participates in the Digital Analytics Program (DAP), in which Google Analytics data is collected from websites across the Federal Government. For more information on DAP, please visit the DigitalGov website.

NIH also uses online surveys to collect opinions and feedback from a random sample of visitors. NIH.gov uses the ForeSee Results’ American Customer Satisfaction Index (ACSI) online survey to obtain feedback and data on visitors’ satisfaction with the NIH.gov website. This survey does not collect PII. Although the survey invitation pops up for a random sample of visitors, it is optional. If you decline the survey, you will still have access to the identical information and resources at the NIH.gov site as those who do not take the survey. The survey reports are available only to NIH.gov managers, members of the NIH.gov Communications and Web Teams, and other designated staff who require this information to perform their duties.

NIH retains the data from Google Analytics, and ACSI survey results as long as needed to support the mission of the NIH.gov website.


How NIH Uses Cookies

 

The Office of Management and Budget Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies allows Federal agencies to use session and persistent cookies.

When you visit any Web site, its server may generate a piece of text known as a "cookie" to place on your computer. The cookie allows the server to "remember" specific information about your visit while you are connected.

The cookie makes it easier for you to use the dynamic features of Web pages. Cookies from NIH Web pages only collect information about your browser’s visit to the site; they do not collect personal information about you.

There are two types of cookies, single session (temporary), and multi-session (persistent). Session cookies last only as long as your Web browser is open. Once you close your browser, the cookie disappears. Persistent cookies are stored on your computer for longer periods.

Session Cookies

We use session cookies for technical purposes such as to enable better navigation through our site. These cookies let our server know that you are continuing a visit to our site. The OMB Memo 10-22 Guidance defines our use of session cookies as "Usage Tier 1 — Single Session.” The policy says, "This tier encompasses any use of single session web measurement and customization technologies."

Persistent Cookies

We use persistent cookies to enable Webtrends and Google Analytics to differentiate between new and returning NIH.gov visitors. Persistent cookies remain on your computer between visits to NIH.gov until they expire. We also use persistent cookies to block repeated invitations to take the ACSI survey. The persistent cookies that block repeated survey invitations expire in 90 days. The OMB Memo 10-22 Guidance defines our use of persistent cookies as "Usage Tier 2 — Multi-session without Personally Identifiable Information (PII).” The policy says, "This tier encompasses any use of multi-session Web measurement and customization technologies when no PII is collected."


How to Opt Out or Disable Cookies

 

If you do not wish to have session or persistent cookies placed on your computer, you can disable them using your Web browser. If you opt out of cookies, you will still have access to all information and resources at NIH.gov. Instructions for disabling or opting out of cookies in the most popular browsers are located at http://www.usa.gov/optout_instructions.shtml. Please note that by following the instructions to opt-out of cookies, you will disable cookies from all sources, not just those from NIH.gov. 

 

How Personal Information Is Protected

 

You do not have to give us personal information to visit the NIH Web sites. However, if you choose to receive alerts or e-newsletters, we collect your email address to complete the subscription process.

If you choose to provide us with personally identifiable information, that is, information that is personal in nature and which may be used to identify you, through an e-mail message, request for information, paper or electronic form, questionnaire, customer satisfaction survey, epidemiology research study, etc., we will maintain the information you provide only as long as needed to respond to your question or to fulfill the stated purpose of the communication. If we store your personal information in a record system designed to retrieve information about you by personal identifier (name, personal email address, home mailing address, personal or mobile phone number, etc.), so that we may contact you, we will safeguard the information you provide to us in accordance with the Privacy Act of 1974, as amended (5 U.S.C. Section 552a).

If NIH operates a record system designed to retrieve information about you in order to accomplish its mission, a Privacy Act Notification Statement should be prominently and conspicuously displayed on the public-facing website or form which asks you to provide personally identifiable information. The notice must address the following five criteria:

  1. NIH legal authorization to collect information about you
  2.  
  3. Purpose of the information collection
  4.  
  5. Routine uses for disclosure of information outside of NIH
  6.  
  7. Whether the request made of you is voluntary or mandatory under law
  8.  
  9. Effects of non-disclosure if you choose to not provide the requested information

For further information about NIH privacy policy, please contact the NIH Senior Official for Privacy at privacy@mail.nih.gov; call 301-451-3426 or visit https://oma.od.nih.gov/DMS/Pages/Privacy-Program.aspx.

 

Data Safeguarding and Privacy

 

NIH uses web measurement and customization technologies to help our Web sites function better for visitors and to better understand how the public uses the online resources we provide. All uses of web-based technologies comply with existing policies with respect to privacy and data safeguarding standards. Information Technology (IT) systems owned and operated by NIH are assessed using Privacy Impact Assessments (PIAs) posted for public view on the Department of Health and Human Services (DHHS) Web site (http://www.hhs.gov/pia/). NIH conducts and publishes a PIA for each use of a third-party website and application (TPWA) as they may have a different functionality or practice. TPWA PIAs are posted for public view on DHHS Web site http://www.hhs.gov/pia/#Third-Party.

Groups of records that contain information about an individual and are designed to be retrieved by the individual’s name or other personal identifier linked to the individual are covered by the Privacy Act of 1974, as amended (5 U.S.C. Section 552a). For these records, NIH Systems of Record Notices are published in the Federal Register and posted on the NIH Senior Official for Privacy Website. When you visit the NIH Institute/Center sites, please look for the Privacy Notice posted on the main pages. When web measurement and customization technologies are used, the Privacy Policy/Notice must provide:

  • Purpose of the web measurement and/or customization technology;
  •  
  • Usage tier, session type, and technology used;
  •  
  • Nature of the information collected;
  •  
  • Purpose and use of the information;
  •  
  • Whether and to whom the information will be disclosed;
  •  
  • Privacy safeguards applied to the information;
  •  
  • Data retention policy for the information;
  •  
  • Whether the technology is enabled by default or not and why;
  •  
  • How to opt-out of the web measurement/customization technology;
  •  
  • Statement that opting-out still permits users to access comparable information or services; and,
  •  
  • Identities of all third-party vendors involved in the measurement and customization process. 
 

Data Retention and Access Limits

 

NIH will retain data collected using the following technologies long enough to achieve the specified objective for which they were collected. The data generated from these activities falls under the National Archives and Records Administration (NARA) General Records Schedule (GRS) 20-item IC 'Electronic Records,' and will be handled per the requirements of that schedule (http://www.archives.gov/records-mgmt/grs/grs20.html).​​​​​ 


Types of Information Collected

 

When you browse through any Web site, certain information about your visit can be collected. We automatically collect and temporarily store the following type of information about your visit: 

  • Domain from which you access the Internet;
  •  
  • IP address (an IP address is a number that is automatically assigned to a computer when surfing the Web);
  •  
  • Operating system and information about the browser used when visiting the site;
  •  
  • Date and time of your visit;
  •  
  • Pages you visited;
  •  
  • Address of the Web site that connected you to an NIH Web site (such as google.com or bing.com); and,
  •  
  • Demographic and interest data.

We use this information to measure the number of visitors to our site and its various sections and to help make our site more useful to visitors. This information cannot be used to identify you as an individual. 

 

How NIH Collects Information

 

NIH.gov uses Google Analytics to collect the information in the bulleted list in the Types of Information Collected section above. Google Analytics gathers information automatically and continuously. No Personally Identifiable Information (PII) is collected. NIH staff conducts analyses and reports on the aggregated data from Google Analytics and those reports are only available to NIH.gov managers, members of the NIH.gov communications and web teams, and other designated staff who require this information to perform their duties. 

Additionally, NIH.gov participates in the Digital Analytics Program (DAP), in which Google Analytics data is collected from websites across the Federal Government. For more information on DAP, please visit the DigitalGov website

NIH also uses online surveys to collect opinions and feedback from a random sample of visitors. NIH.gov uses the ForeSee Results’ American Customer Satisfaction Index (ACSI) online survey to obtain feedback and data on visitors’ satisfaction with the NIH.gov website. This survey does not collect PII. Although the survey invitation pops up for a random sample of visitors, it is optional. If you decline the survey, you will still have access to the identical information and resources at the NIH.gov site as those who do not take the survey. The survey reports are available only to NIH.gov managers, members of the NIH.gov Communications and Web Teams, and other designated staff who require this information to perform their duties. 

NIH retains the data from Google Analytics, and ACSI survey results as long as needed to support the mission of the NIH.gov website.  

 

How NIH Uses Cookies

 

The Office of Management and Budget Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies allows Federal agencies to use session and persistent cookies. 

When you visit any Web site, its server may generate a piece of text known as a "cookie" to place on your computer. The cookie allows the server to "remember" specific information about your visit while you are connected. 

The cookie makes it easier for you to use the dynamic features of Web pages. Cookies from NIH Web pages only collect information about your browser’s visit to the site; they do not collect personal information about you. 

There are two types of cookies, single session (temporary), and multi-session (persistent). Session cookies last only as long as your Web browser is open. Once you close your browser, the cookie disappears. Persistent cookies are stored on your computer for longer periods.

Session Cookies

We use session cookies for technical purposes such as to enable better navigation through our site. These cookies let our server know that you are continuing a visit to our site. The OMB Memo 10-22 Guidance defines our use of session cookies as "Usage Tier 1 — Single Session.” The policy says, "This tier encompasses any use of single session web measurement and customization technologies."

Persistent Cookies

We use persistent cookies to enable Webtrends and Google Analytics to differentiate between new and returning NIH.gov visitors. Persistent cookies remain on your computer between visits to NIH.gov until they expire. We also use persistent cookies to block repeated invitations to take the ACSI survey. The persistent cookies that block repeated survey invitations expire in 90 days. The OMB Memo 10-22 Guidance defines our use of persistent cookies as "Usage Tier 2 — Multi-session without Personally Identifiable Information (PII).” The policy says, "This tier encompasses any use of multi-session Web measurement and customization technologies when no PII is collected." 

 

How to Opt Out or Disable Cookies

 

If you do not wish to have session or persistent cookies placed on your computer, you can disable them using your Web browser. If you opt out of cookies, you will still have access to all information and resources at NIH.gov. Instructions for disabling or opting out of cookies in the most popular browsers are located at http://www.usa.gov/optout_instructions.shtml. Please note that by following the instructions to opt-out of cookies, you will disable cookies from all sources, not just those from NIH.gov. 

 

How Personal Information Is Protected

 

You do not have to give us personal information to visit the NIH Web sites. However, if you choose to receive alerts or e-newsletters, we collect your email address to complete the subscription process. 

If you choose to provide us with personally identifiable information, that is, information that is personal in nature and which may be used to identify you, through an e-mail message, request for information, paper or electronic form, questionnaire, customer satisfaction survey, epidemiology research study, etc., we will maintain the information you provide only as long as needed to respond to your question or to fulfill the stated purpose of the communication. If we store your personal information in a record system designed to retrieve information about you by personal identifier (name, personal email address, home mailing address, personal or mobile phone number, etc.), so that we may contact you, we will safeguard the information you provide to us in accordance with the Privacy Act of 1974, as amended (5 U.S.C. Section 552a). 

If NIH operates a record system designed to retrieve information about you in order to accomplish its mission, a Privacy Act Notification Statement should be prominently and conspicuously displayed on the public-facing website or form which asks you to provide personally identifiable information. The notice must address the following five criteria: 

  1. NIH legal authorization to collect information about you
  2.  
  3. Purpose of the information collection
  4.  
  5. Routine uses for disclosure of information outside of NIH
  6.  
  7. Whether the request made of you is voluntary or mandatory under law
  8.  
  9. Effects of non-disclosure if you choose to not provide the requested information 

For further information about NIH privacy policy, please contact the NIH Senior Official for Privacy at privacy@mail.nih.gov; call 301-451-3426 or visithttps://oma.od.nih.gov/DMS/Pages/Privacy-Program.aspx


Data Safeguarding and Privacy


NIH uses web measurement and customization technologies to help our Web sites function better for visitors and to better understand how the public uses the online resources we provide. All uses of web-based technologies comply with existing policies with respect to privacy and data safeguarding standards. Information Technology (IT) systems owned and operated by NIH are assessed using Privacy Impact Assessments (PIAs) posted for public view on the Department of Health and Human Services (DHHS) Web site (http://www.hhs.gov/pia/). NIH conducts and publishes a PIA for each use of a third-party website and application (TPWA) as they may have a different functionality or practice. TPWA PIAs are posted for public view on DHHS Web site http://www.hhs.gov/pia/#Third-Party.
 

Groups of records that contain information about an individual and are designed to be retrieved by the individual’s name or other personal identifier linked to the individual are covered by the Privacy Act of 1974, as amended (5 U.S.C. Section 552a). For these records, NIH Systems of Record Notices are published in the Federal Register and posted on the NIH Senior Official for Privacy Website. When you visit the NIH Institute/Center sites, please look for the Privacy Notice posted on the main pages. When web measurement and customization technologies are used, the Privacy Policy/Notice must provide: 

  • Purpose of the web measurement and/or customization technology;
  •  
  • Usage tier, session type, and technology used;
  •  
  • Nature of the information collected;
  •  
  • Purpose and use of the information;
  •  
  • Whether and to whom the information will be disclosed;
  •  
  • Privacy safeguards applied to the information;
  •  
  • Data retention policy for the information;
  •  
  • Whether the technology is enabled by default or not and why;
  •  
  • How to opt-out of the web measurement/customization technology;
  •  
  • Statement that opting-out still permits users to access comparable information or services; and,
  •  
  • Identities of all third-party vendors involved in the measurement and customization process. 
 

Data Retention and Access Limits

 

NIH will retain data collected using the following technologies long enough to achieve the specified objective for which they were collected. The data generated from these activities falls under the National Archives and Records Administration (NARA) General Records Schedule (GRS) 20-item IC 'Electronic Records,' and will be handled per the requirements of that schedule (http://www.archives.gov/records-mgmt/grs/grs20.html).​​​​​​​