Effective date: May 19, 2020
Thanks for entrusting Aristotle.cloud (“Aristotle”, “we”) with your projects and your personal information. Holding on to your private information is a serious responsibility, and we want you to know how we’re handling it.
The controller responsible for the processing of your personal information in connection with the Service is Aristotle Cloud Services Australia, Suite 2 Level 7, 490 Northbourne, Ave. Dickson, ACT. 2602. firstname.lastname@example.org
All capitalized terms have their definition in Aristotle.Cloud’s Terms of Service, unless otherwise noted here.
The short version
As described below: We use your personal information as this Privacy Statement describes. No matter where you are, where you live, or what your citizenship is, we provide a high standard of privacy protection to all our users around the world, regardless of their country of origin or location.
Of course, the short version and the Summary below don’t tell you everything, so please read on for more details.
|What can you find there?
|What information Aristotle collects
|Aristotle collects information directly from you for your registration and user profile. We also automatically collect from you your usage information, cookies and similar technologies, and device information, subject, where necessary, to your consent. Aristotle may also collect User Personal Information from third parties. We only collect the minimum amount of personal information necessary from you, unless you choose to provide more.
|What information Aristotle does not collect
|We don’t knowingly collect information from children under 13, and we don’t collect Sensitive Personal Information.
|How Aristotle uses your information
|In this section, we describe the ways in which we use your information, including to provide you the Service, to communicate with you, for security purposes, and to improve our Service. We also describe the legal basis upon which we process your information, where legally required.
|How we share the information we collect
|We may share your information with third parties under one of the following circumstances: with your consent, with our service providers, for security purposes, to comply with our legal obligations, or when there is a change of control or sale of corporate entities or business units. We do not sell your personal information and we do not host advertising on Aristotle.Cloud. You can see a list of the service providers that access your information.
|Other important information
|We provide additional information specific to repository contents, public information, and Organizations on Aristotle.
|How you can access and control the information we collect
|We provide ways for you to access, alter, or delete your personal information.
|How Aristotle secures your information
|We take all measures reasonably necessary to protect the confidentiality, integrity, and availability of your personal information on Aristotle and to protect the resilience of our servers.
|Aristotle’s global privacy practices
|We provide a high standard of privacy protection to all our users around the world.
|How we communicate with you
|We communicate with you by email. You can control the way we contact you in your account settings, or by contacting us.
|In the unlikely event that we are unable to resolve a privacy concern quickly and thoroughly, we provide a path of dispute resolution through external arbiters.
|Changes to our Privacy Statement
|We notify you of material changes to this Privacy Statement 30 days before any such changes become effective. You may also track changes in our Site Policy repository.
|Please feel free to contact us if you have questions about our Privacy Statement.
Aristotle Privacy Statement
What information Aristotle collects
“User Personal Information” is any information about one of our Users which could, alone or together with other information, personally identify them or otherwise be reasonably linked or connected with them. Information such as a username and password, an email address, a real name, an Internet protocol (IP) address, and a photograph are examples of “User Personal Information.”
User Personal Information does not include aggregated, non-personally identifying information that does not identify a User or cannot otherwise be reasonably linked or connected with them. We may use such aggregated, non-personally identifying information for research purposes and to operate, analyze, improve, and optimize our Website and Service.
Information users provide directly to Aristotle
We require some basic information at the time of account creation. When you create your own username and password, we ask you for a valid email address.
You may choose to give us more information for your Account profile, such as your full name and an avatar which may include a photograph. This information may include User Personal Information. Please note that your profile information may be visible to other Users of our Service.
Information Aristotle automatically collects from your use of the Service
If you’re accessing our Service or Website, we automatically collect the same basic information that most services collect, subject, where necessary, to your consent. This includes information about how you use the Service, such as the pages you view, the referring site, your IP address and session information, and the date and time of each request. This is information we collect from every visitor to the Website, whether they have an Account or not. This information may include User Personal information.
Cookies and Similar Technologies Information
As further described below, and subject, where applicable, to your consent, we automatically collect information from cookies and similar technologies (such as cookie ID and settings) to keep you logged in, to remember your preferences, and to identify you and your device.
We may collect certain information about your device, such as its IP address, browser or client application information, language preference, operating system and application version, device type and ID, and device model and manufacturer. This information may include User Personal information.
Information we collect from third parties
Aristotle may collect User Personal Information from third parties. For example, this may happen if you sign up for training or to receive information about Aristotle from one of our vendors, partners, or affiliates. Aristotle does not purchase User Personal Information from third-party data brokers.
What information Aristotle does not collect
We do not intentionally collect “Sensitive Personal Information”, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. If you choose to store any Sensitive Personal Information on our servers, you are responsible for complying with any regulatory controls regarding that data.
If you are a child under the age of 13, you may not have an Account on Aristotle. Aristotle does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a User who is under the age of 13, we will have to close your Account. Please see our Terms of Service for information about Account termination. Different countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not have an Account on Aristotle.
How Aristotle uses your information
- We may use your information for the following purposes:
- We use your Registration Information to create your account, and to provide you the Service.
- We use your User Personal Information, specifically your username, to identify you on Aristotle.cloud.
- We use your Profile Information to fill out your Account profile and to share that profile with other users if you ask us to.
- We use your email address to communicate with you, if you’ve said that’s okay, and only for the reasons you’ve said that’s okay. Please see our section on email communication for more information.
- We use User Personal Information to respond to support requests.
- We may use User Personal Information to invite you to take part in surveys, beta programs, or other research projects, subject, where necessary, to your consent.
- We use Usage Information and Device Information to better understand how our Users use Aristotle and to improve our Website and Service.
- We may use your User Personal Information if it is necessary for security purposes or to investigate possible fraud or attempts to harm Aristotle or our Users.
- We may use your User Personal Information to comply with our legal obligations, protect our intellectual property, and enforce our Terms of Service.
- We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first.
Our legal bases for processing information
To the extent that our processing of your User Personal Information is subject to certain international laws (including, but not limited to, the European Union’s General Data Protection Regulation (GDPR)), Aristotle is required to notify you about the legal basis on which we process User Personal Information. Aristotle processes User Personal Information on the following legal bases:
- Contract Performance:
- When you create a Aristotle Account, you provide your Registration Information. We require this information for you to enter into the Terms of Service agreement with us, and we process that information on the basis of performing that contract. We also process your username and email address on other legal bases, as described below.
- We rely on your consent to use your User Personal Information under the following circumstances: when you fill out the information in your user profile; when you decide to participate in Aristotle Metadata training, research project, beta program, or survey; and for marketing purposes, where applicable. All of this User Personal Information is entirely optional, and you have the ability to access, modify, and delete it at any time. While you are not able to delete your email address entirely, you can make it private. You may withdraw your consent at any time.
- Legitimate Interests:
- Generally, the remainder of the processing of User Personal Information we perform is necessary for the purposes of our legitimate interest, for example, for legal compliance purposes, security purposes, or to maintain ongoing confidentiality, integrity, availability, and resilience of Aristotle.Cloud systems, Website, and Service.
- If you would like to request deletion of data we process on the basis of consent or if you object to our processing of personal information, please use our Privacy contact form.
How we share the information we collect
We may share your User Personal Information with third parties under one of the following circumstances:
With your consent
We share your User Personal Information, if you consent, after letting you know what information will be shared, with whom, and why. Additionally, you may direct us through your actions on Aristotle to share your User Personal Information. For example, if you join an Organization, you indicate your willingness to provide the owner of the Organization with the ability to view your activity in the Organization’s access log.
With service providers
We share User Personal Information with a limited number of service providers who process it on our behalf to provide or improve our Service, and who have agreed to privacy restrictions similar to the ones in our Privacy Statement by signing data protection agreements or making similar commitments. Our service providers perform payment processing, customer support ticketing, network data transmission, security, and other similar services. While Aristotle processes all User Personal Information in Australia, our service providers may process data outside of Australia or the European Union. If you would like to know who our service providers are, please see our page on Subprocessors.
For security purposes
If you are a member of an Organization, Aristotle may share your username, Usage Information, and Device Information associated with that Organization with an owner and/or administrator of the Organization who has agreed to the Corporate Terms of Service or applicable customer agreements, to the extent that such information is provided only to investigate or respond to a security incident that affects or compromises the security of that particular Organization.
For legal disclosure
Aristotle strives for transparency in complying with legal process and legal obligations. Unless prevented from doing so by law or court order, or in rare, exigent circumstances, we make a reasonable effort to notify users of any legally compelled or required disclosure of their information. Aristotle may disclose User Personal Information or other information we collect about you to law enforcement if required in response to a valid subpoena, court order, search warrant, a similar government order, or when we believe in good faith that disclosure is necessary to comply with our legal obligations, to protect our property or rights, or those of third parties or the public at large.
Change in control or sale
We may share User Personal Information if we are involved in a merger, sale, or acquisition of corporate entities or business units. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our Website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we made in our Privacy Statement or Terms of Service.
Aggregate, non-personally identifying information
We share certain aggregated, non-personally identifying information with others about how our users, collectively, use Aristotle, or how our users respond to our other offerings, such as at conferences or events.
We do not sell your User Personal Information for monetary or other consideration.
Other important information
Stewardship Organisation contents
Aristotle personnel do not access private Stewardship Organisations unless required to for security purposes, to assist the repository owner with a support matter, to maintain the integrity of the Service, or to comply with our legal obligations. However, while we do not generally search for content in your Stewardship Organisations, we may scan our servers and content to detect certain tokens or security signatures, known active malware, or other content known to violate our Terms, such as violent extremist or terrorist content or child exploitation imagery, based on algorithmic fingerprinting techniques. Our Terms of Service provides more details.
If your Stewardship Organisation is public, anyone may view its contents. If you include private, confidential or Sensitive Personal Information, such as email addresses or passwords, in your public repository, that information may be indexed by search engines or used by third parties.
Please see more about User Personal Information in public repositories.
Public information on Aristotle
Many of Aristotle services and features are public-facing. If your content is public-facing, third parties may access and use it in compliance with our Terms of Service, such as by viewing your profile or repositories or pulling data via our API. We do not sell that content; it is yours. However, we do allow third parties, such as research organizations or archives, to compile public-facing Aristotle information. Other third parties, such as data brokers, have been known to scrape Aristotle and compile data as well.
Your User Personal Information associated with your content could be gathered by third parties in these compilations of Aristotle data. If you do not want your User Personal Information to appear in third parties’ compilations of Aristotle data, please do not make your User Personal Information publicly available .
You may indicate, through your actions on Aristotle, that you are willing to share your User Personal Information. If you collaborate on or become a member of a Stewardship Organisation, then its Account owners may receive your User Personal Information. When you accept an invitation to a Stewardship Organisation, you will be notified of the types of information owners may be able to see. If you accept an invitation to a Stewardship Organisation, then the owners of that Stewardship Organisation will be able to see your full email address(es) within that Stewardship Organisation’s verified domain(s).
Please note, Aristotle may share your username, Usage Information, and Device Information with the owner of the Stewardship Organisation you are a member of, to the extent that your User Personal Information is provided only to investigate or respond to a security incident that affects or compromises the security of that particular Stewardship Organisation.
If you collaborate on or become a member of an Account that has agreed to the Enterprise Terms of Service and a Data Protection Addendum (DPA) to this Privacy Statement, then that DPA governs in the event of any conflicts between this Privacy Statement and the DPA with respect to your activity in the Account.
Please contact the Account owners for more information about how they might process your User Personal Information in their Stewardship Organisation and the ways for you to access, update, alter, or delete the User Personal Information stored in the Account.
How you can access and control the information we collect
If you’re already an Aristotle user, you may access, update, alter, or delete your basic user profile information by editing your user profile or contacting Aristotle Support. You can control the information we collect about you by limiting what information is in your profile, by keeping your information current, or by contacting Aristotle Support.
If Aristotle processes information about you, such as information Aristotle receives from third parties, and you do not have an account, then you may, subject to applicable law, access, update, alter, delete, or object to the processing of your personal information by contacting Aristotle Support.
As an Aristotle User, you can always take your data with you. You can export all content owned by you using the appropriate API.
Data retention and deletion of data
Generally, Aristotle retains User Personal Information for as long as your account is active or as needed to provide you services.
If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile. We retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days of your request. You may contact Aristotle Support to request the erasure of the data we process on the basis of consent within 30 days.
After an account has been deleted, certain data, such as contributions to other Stewardship Organisations, discussion posts, and comments in others’ issues, will remain.
We provide a web page on cookies and tracking that describes the cookies we set, the needs we have for those cookies, and the types of cookies they are (temporary or permanent). It also lists our third-party analytics providers and other service providers, and details exactly which parts of our Website we permit them to track.
Tracking and analytics
We use a number of third-party analytics and service providers to help us evaluate our Users’ use of Aristotle, compile statistical reports on activity, and improve our content and Website performance. We only use these third-party analytics providers on certain areas of our Website, and all of them have signed data protection agreements with us that limit the type of User Personal Information they can collect and the purpose for which they can process the information. In addition, we use our own internal analytics software to provide features and improve our content and performance.
Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Aristotle responds to browser DNT signals and follows the W3C standard for responding to DNT signals. If you have not enabled DNT on a browser that supports it, cookies on some parts of our Website will track your online browsing activity on other online services over time, though we do not permit third parties other than our analytics and service providers to track Aristotle Users’ activity over time on Aristotle.
How Aristotle secures your information
Aristotle takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.
Aristotle enforces a written security information program. Our program:
- aligns with industry recognized frameworks;
- includes security safeguards reasonably designed to protect the confidentiality, integrity, availability, and resilience of our Users’ data;
- is appropriate to the nature, size, and complexity of Aristotle’s business operations;
- includes incident response and data breach notification processes; and
- complies with applicable information security-related laws and regulations in the geographic regions where Aristotle does business.
In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected Users without undue delay.
Transmission of data on Aristotle is encrypted using SSH, HTTPS (TLS), and content is encrypted at rest. We manage our own cages and racks at top-tier data centers with high level of physical and network security, and when data is stored with a third-party storage provider, it is encrypted.
No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
Aristotle’s global privacy practices
We store and process the information that we collect in Australia in accordance with this Privacy Statement though our service providers may store and process data outside Australia. However, we understand that we have Users from different countries and regions with different privacy expectations, and we try to meet those needs even when Australia does not have the same privacy framework as other countries.
We provide a high standard of privacy protection—as described in this Privacy Statement—to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard to comply with the applicable data privacy laws wherever we do business, working with our Data Protection Officer as part of a cross-functional team that oversees our privacy compliance efforts. Additionally, if our vendors or affiliates have access to User Personal Information, they must sign agreements that require them to comply with our privacy policies and with applicable data privacy laws.
- Aristotle provides clear methods of unambiguous, informed, specific, and freely given consent at the time of data collection, when we collect your User Personal Information using consent as a basis.
- We collect only the minimum amount of User Personal Information necessary for our purposes, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.
- We offer you simple methods of accessing, altering, or deleting the User Personal Information we have collected, where legally permitted.
- We provide our Users notice, choice, accountability, security, and access regarding their User Personal Information, and we limit the purpose for processing it. We also provide our Users a method of recourse and enforcement. These are the Privacy Shield Principles, but they are also just good practices.
How we communicate with you
We use your email address to communicate with you. For example, if you contact our Support team with a request, we respond to you via email.
Depending on your email settings, Aristotle may occasionally send notification emails about new features, requests for feedback, important policy changes, or to offer customer support. We also send marketing emails, based on your choices and in accordance with applicable laws and regulations. There’s an “unsubscribe” link located at the bottom of each of the marketing emails we send you. Please note that you cannot opt out of receiving important communications from us, such as emails from our Support team or system emails, but you can configure your notifications settings in your profile to opt out of other communications.
Our emails may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.
If you have concerns about the way Aristotle is handling your User Personal Information, please let us know immediately. We want to help. You may contact us by filling out the Privacy contact form. You may also email us directly at email@example.com with the subject line “Privacy Concerns.” We will respond promptly — within 45 days at the latest.
You may also contact our Office directly.
|Suite 2 Level 7, 490 Northbourne Ave.
|Dickson, ACT. 2602
Dispute resolution process
In the unlikely event that a dispute arises between you and Aristotle regarding our handling of your User Personal Information, we will do our best to resolve it. If we cannot, we have selected to cooperate with the relevant EU Data Protection Authority, or a panel established by the European data protection authorities, for resolving disputes with EU individuals, and with the Swiss Federal Data Protection and Information Commissioner (FDPIC) for resolving disputes with Swiss individuals. Please contact us if you’d like us to direct you to your data protection authority contacts.
Additionally, if you are a resident of an EU member state, you have the right to file a complaint with your local supervisory authority.
Under certain limited circumstances, EU, European Economic Area (EEA), Swiss, and UK individuals may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please read more about Privacy Shield. Arbitration is not mandatory; it is a tool you can use if you so choose.
We are subject to the jurisdiction of the Australian Trade Commission.
Changes to our Privacy Statement
Although most changes are likely to be minor, Aristotle may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your Aristotle account. We will also update our website, which tracks all changes to this policy. For changes to this Privacy Statement that are not material changes or that do not affect your rights, we encourage Users to check our website frequently.
Questions regarding Aristotle’s Privacy Statement or information practices should be directed to our Privacy contact form.