To create comprehensive reference maps of all human cells—the fundamental units of life—as a basis for both understanding human health and diagnosing, monitoring, and treating disease.
Effective Date: this notice was last amended on 21 November 2023
This Privacy Notice explains how and why Human Cell Atlas collects and processes your personal data when you access our website or access data from the Human Cell Atlas Data Portal (the “HCA Data Portal”). It also describes your data protection rights, including a right to object to some of the processing which Human Cell Atlas carries out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
If you think data about you has been included within the Human Cell Atlas research resource, please read the Privacy Notice for Donors here.
The controller for the Human Cell Atlas is:
Human Cell Atlas Inc.,
415 Main St Cambridge
MA, 02142-1027
United States
Our email address is privacy@humancellatlas.org. When this notice talks about “we” or “us”, it refers to Human Cell Atlas Inc.
Personal data means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data:
Please see our cookie notice for further details.
We will use your personal data for the following purposes:
To conduct our business and pursue our legitimate interests, in particular:
Where you give us your consent:
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out above.
The personal data listed above will be disclosed to authorised staff of Human Cell Atlas and authorised staff of suppliers to Human Cell Atlas, such as the data hosting provider and other technical support or advisors. Certain limited information, including name, email and affiliation, may be disclosed openly on the web or to interested third parties (including partners, funders and technology vendors) for purposes of facilitating scientific research. We may also need to share your Personal Data as required to respond to lawful requests and legal process; to protect our rights and property and those of our agents, customers and others, including to enforce our agreements and policies; and in an emergency, to protect our institutions and the safety of our students, faculty and staff or any third party.
If your Personal Data is shared with a third party, we will require that the third party use appropriate measures to protect the confidentiality and security of your Personal Data.
Human Cell Atlas uses data storage facilities provided by AWS and Google in the United States. Human Cell Atlas relies on Standard Contractual Clauses issued by the European Commission to safeguard the data being transferred to the United States. Please contact us if you would like a copy of this.
Human Cell Atlas takes appropriate physical, administrative, and technical measures to protect Personal Data that are consistent with applicable privacy and data security laws and regulations.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. After that time your personal data will be erased (unless we have the statutory right or obligation to keep this data).
This means for example that where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in the future.
For membership records, personal data will be retained for as long as you are a member and, thereafter, for the period during which any claims may be brought. If you register for an account, we will keep information about you for as long as you have an active account and, thereafter, for the period during which any claims may be brought. We consider your account to become nonactive if you have not used it in the last three years.
You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us – or our Data Protection Officer – using the details set out below. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.
If you have any comments or questions regarding this Privacy Notice or about the processing of your personal data, please contact us at privacy@humancellatlas.org or our Data Protection Officer at dpo.hca@twobirds.com.