Privacy policy
This page outlines our policies and approaches to data protection, and the privacy issues surrounding your use of the COSMIC website and related resources. This page should be read in conjunction with the legal, cookie and data sharing polices of the Wellcome Sanger Institute.
If you have any questions or concerns about the use or handling of data within COSMIC, please contact us.
Web analytics
We use several analytics packages to track the usage of the COSMIC website. These include:
We use analytics to help us understand the patterns of usage of the website and to inform our decision making when it comes to planning new features and new visualisations. We make no attempt to track or identify individual users.
Several pages in COSMIC embed the JBrowse genome browser. JBrowse sends some anonymous analytics data back to the JBrowse authors when it loads, including the JBrowse version, any JBrowse plugins that are in use, and the types of tracks that are being displayed. No identifiable information is recorded and no specific information about the data in the browser is sent.
Do Not Track
If you are concerned about being tracked by analytics packages, on the COSMIC website or elsewhere, you can configure your browser to send a special "Do Not Track" header with each request. The DNT header instructs analytics tools not to track your usage of the websites that you visit. You can enable DNT in chrome, firefox, Microsoft Edge and most other browsers.
Cookies
Cookies are small snippets of data that browsers store on your computer on behalf of websites that you visit. Many sites make extensive use of cookies in order to implement analytics, for the provision of features within the site, or to keep you logged in between visits. We use cookies for all of these purposes in the COSMIC website.
Cookie consent
Under the EU's General Data Protection Regulation (GDPR), in force from 25th May 2018, websites like ours are required to give users the option to refuse cookies. COSMIC includes a tool, shown at the bottom right corner of every page, which allows you to choose to accept or reject cookies. You can open the tool and change your cookie settings at any time. The tool itself will record your choices in your browser's local storage but if you choose to refuse cookies that is the only data that is stored.
The types of cookies used by COSMIC fall into three categories:
- essential
- analytics-related
- social
Essential cookies are those that are required to enable core functionality, such as maintaining user logins. You can not decline these cookies using the cookie consent tool, because to do so would break core features of the website. You can, however, still turn off these cookies using the cookie handling features of your browser. Note that if you opt to refuse essential cookies, the COSMIC website will not function properly in all cases.
Analytics cookies are those that are used by our analytics packages. Turning off consent for cookies from these tools will reduce the effectiveness of the statistics that we collect on the usage of COSMIC, but it will not affect the functionality that you see as a user.
Social cookies are those used by Twitter to make the "Follow" widget work. If you switch off consent for social cookies, the Twitter widget will revert to a simple link but the functionality of the rest of the site will be unaffected. Note that we are unable to remove the third-party cookies set by the Twitter widget, so you will need to use your browser's cookie management tools to remove these cookies yourself.
These are the cookies that we use:
Purpose | Cookies | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Google Analytics (GA) |
Google Analytics uses multiple cookies to capture anonymous data
about a user's visit to our site. You can read full details about the
GA cookies in their
documentation.
|
||||||||||||||||||
Piwik/Matomo |
Another analytics package, used across all Sanger sites to provide
standardised reporting for all resources. You can read about the
cookies set by Piwik/Matomo in their
FAQs.
|
||||||||||||||||||
Hotjar |
We use Hotjar to analyse how
users are interacting with the COSMIC website, mainly through the
use of heatmaps showing where users are clicking on our pages. You
can read Hotjar's
privacy policy on their
website.
|
||||||||||||||||||
Session cookie |
Used to maintain a user's login session.
|
||||||||||||||||||
Genome version |
COSMIC annotates features on two versions of the human genome and
the website lets users switch between them using a menu dropdown.
|
||||||||||||||||||
Cookie control |
When a user first visits COSMIC we show a banner letting them know
that we will store cookies. We provide a tool allowing them to choose
the broad types of cookies that we will use. The cookie control tool
uses its own cookies to record the user's preferences.
|
||||||||||||||||||
Pagesmith |
Pagesmith is a toolkit that we use to build some components of the
website.
|
||||||||||||||||||
Page configuration |
Some pages in the COSMIC site, such as the
gene page, can be
re-ordered by dragging-and-dropping or hiding components of the page.
We use cookies to keep track of the user's configuration for each
individual tabbed page, so that we can set up the page in the same
order on each visit. We use a separate cookie for each type of page,
i.e. ordering-gene-page ,
visibility-mutation-page , etc.
|
Genome browser |
Various COSMIC pages embed the JBrowse
genome browser. JBrowse uses cookies to store some information about the
session.
|
On some pages, we use a Twitter widget to allow users to follow our Twitter
account. The widget is served from the Twitter servers, rather than by our
servers, so it brings with it a set of cookies specific to the
twitter.com
domain. You can read about Twitter's
use of cookies on their site.
Logging
Website logs
Like most websites, COSMIC maintains extensive logs of the traffic on the site. These logs include details of the requests that were made, the error status or otherwise of each request, and rudimentary details of the software that was used to make the request. Every log entry includes the IP address of the computer where the request originated.
We monitor the website logs primarily to ensure quality of service and to look for abusive or disruptive behaviour. Though we do not attempt to identify users from their IP address, we reserve the right to use the logged IP address in order to implement rate limiting and blocking, in cases where we detect usage that is in breach of our acceptable use policy.
We have no mechanism within the COSMIC website to track the browsing behaviour of a specific user and we make no attempt to do so. Your browsing history cannot be correlated against your registered email address, even when you are signed in on the website.
Download logs
In addition to the logging performed by the web servers that run the COSMIC website, we maintain separate, additional logs related to the downloading of COSMIC data. These logs are correlated with your registered email address, since you must be signed into the website in order to download data. When a user downloads a file via our download page, we log their registered email address, the file that they have downloaded, and a timestamp.
Download logs are recorded for all three download methods: whole file downloads via the download page, filtered downloads via the download page, and whole file downloads via the download API.
We use these logs only in aggregate, such as for generating statistics about which of our files are most popular with different segments of our user base. We never use the logs for tracking the behaviour of individual users.
Sanger logs
Requests to the COSMIC website arrive at our servers via a load balancer that is operated by the Sanger web team. The Sanger load balancer also records logging information, both about COSMIC and every other website operated within Sanger. These logs are used, again, to ensure quality of service across the institute's web resources and to provide aggregate data about the range of services that the institute provides. You can read more about the data protection policies in place to protect this information in the pages documenting the legal, cookie and data sharing polices of the Wellcome Sanger Institute.
Dissemination
Log files containing user-identifiable information, such as the COSMIC download logs, are stored in our secure user account database. Access to the logs is restricted to only those members of the COSMIC team who need to use the logs for analytics or account membership purposes are given permission to connect to the database or use the administration interface. We do not distribute log data to users outside of the immediate group, and no data will ever be passed to third-parties for any purpose.
User data
Use of the COSMIC website is entirely free for all users, but we operate a registration and licensing system for the downloading of COSMIC data. Registration is free for users from academic organisations, but we apply licence fees for commercial organisations.
In order to manage our user registrations, we maintain a database of users. When you register for COSMIC we collect the following pieces of personally identifiable data:
- First name
- Last name
- Email address
- Password
- Registration type (academic, commercial, or non-affiliated
- Job title
- Organisation (e.g. university or company name)
- Department (optional)
- City
- Country
- Address (optional)
- Contact phone number (optional)
- Google ID (optional; required for access through Google Big Query/ISB-CGC)
User-identifiable data, including download logs from the COSMIC website, are stored in a separate database within in isolated network zone and backed by an encrypted filesystem. Access to the database and data is restricted to those members of the COSMIC team who are responsible for its administration, and to the Sanger database administrators who manage the database itself.
As part of the registration process you will be required to agree to our terms and conditions. When registering we recommend that you use a strong, unique password. We strongly suggest that you don't re-use passwords from other sites. If you have any reason to suspect that your password has been compromised, reset it on the account page.
Email consent
In May 2018, the General Data Protection Regulation (GDPR) came into force in the UK. GDPR is a Europe-wide set of regulations that defines, amongst other things, the rules under which companies and organisations may send emails to users.
In order to verify the academic or commercial email address for a registered user, we need to send a periodic email to that address. When registering for a COSMIC account you will therefore need to agree to receiving emails for the purpose of maintaining your account. If you do not consent to receiving these maintenance emails, we will be unable to validate your academic or licenced status and you will not be able to create a COSMIC account.
We will also ask you to consent to receiving occasional information emails. These information emails will be low frequency and will be restricted to notifying you of important events, such as new COSMIC releases, advanced warning of system downtime, etc.
Your registered email address will be held in strictest confidence within COSMIC. It will never be passed on to third-parties and will not be used for emails that are unrelated to COSMIC.
Social media
COSMIC operates several social media accounts, including Twitter (@cosmic_sanger) and Facebook (cosmic.sanger). We use these accounts purely as a way of engaging with users and keeping them abreast of developments within COSMIC. We do not track or otherwise record followers, likes or other interactions through our social media accounts.
Use of any social media account has associated privacy and security implications and we would encourage users to make themselves aware of the privacy issues surrounding these platforms.