Privacy policy

This page outlines our policies and approaches to data protection, and the privacy issues surrounding your use of the COSMIC website and related resources. This page should be read in conjunction with the legal, cookie and data sharing polices of the Wellcome Sanger Institute.

If you have any questions or concerns about the use or handling of data within COSMIC, please contact us.

Web analytics

We use several analytics packages to track the usage of the COSMIC website. These include:

We use analytics to help us understand the patterns of usage of the website and to inform our decision making when it comes to planning new features and new visualisations. We make no attempt to track or identify individual users.

Several pages in COSMIC embed the JBrowse genome browser. JBrowse sends some anonymous analytics data back to the JBrowse authors when it loads, including the JBrowse version, any JBrowse plugins that are in use, and the types of tracks that are being displayed. No identifiable information is recorded and no specific information about the data in the browser is sent.

Do Not Track

If you are concerned about being tracked by analytics packages, on the COSMIC website or elsewhere, you can configure your browser to send a special "Do Not Track" header with each request. The DNT header instructs analytics tools not to track your usage of the websites that you visit. You can enable DNT in chrome, firefox, Microsoft Edge and most other browsers.

Cookies

Cookies are small snippets of data that browsers store on your computer on behalf of websites that you visit. Many sites make extensive use of cookies in order to implement analytics, for the provision of features within the site, or to keep you logged in between visits. We use cookies for all of these purposes in the COSMIC website.

Cookie consent

Under the EU's General Data Protection Regulation (GDPR), in force from 25th May 2018, websites like ours are required to give users the option to refuse cookies. COSMIC includes a tool, shown at the bottom right corner of every page, which allows you to choose to accept or reject cookies. You can open the tool and change your cookie settings at any time. The tool itself will record your choices in your browser's local storage but if you choose to refuse cookies that is the only data that is stored.

The types of cookies used by COSMIC fall into three categories:

Essential cookies are those that are required to enable core functionality, such as maintaining user logins. You can not decline these cookies using the cookie consent tool, because to do so would break core features of the website. You can, however, still turn off these cookies using the cookie handling features of your browser. Note that if you opt to refuse essential cookies, the COSMIC website will not function properly in all cases.

Analytics cookies are those that are used by our analytics packages. Turning off consent for cookies from these tools will reduce the effectiveness of the statistics that we collect on the usage of COSMIC, but it will not affect the functionality that you see as a user.

Social cookies are those used by Twitter to make the "Follow" widget work. If you switch off consent for social cookies, the Twitter widget will revert to a simple link but the functionality of the rest of the site will be unaffected. Note that we are unable to remove the third-party cookies set by the Twitter widget, so you will need to use your browser's cookie management tools to remove these cookies yourself.

These are the cookies that we use:

Purpose Cookies
Google Analytics (GA) Google Analytics uses multiple cookies to capture anonymous data about a user's visit to our site. You can read full details about the GA cookies in their documentation.
Cookie name Expiration time Description
_ga 2 years Used to distinguish users
_gid 2 years Used to distinguish users
_gat 1 minute Used to throttle request rate
Piwik/Matomo Another analytics package, used across all Sanger sites to provide standardised reporting for all resources. You can read about the cookies set by Piwik/Matomo in their FAQs.
Cookie name Expiration time Description
_pk_ref 6 months Records the URL that referred the user to the COSMIC website
_pk_id 30 minutes Used by Piwik for internal statistics
_pk_id 1 year Stores an ID for the user, allowing Piwik to recognise returning visitors
_pk_ses session, upto 30 minutes after last tracked action Used to keep a user's session open
_pk_hsr session Used by the Piwik heatmap and session recording plugin
Hotjar We use Hotjar to analyse how users are interacting with the COSMIC website, mainly through the use of heatmaps showing where users are clicking on our pages. You can read Hotjar's privacy policy on their website.
Cookie name Expiration time Description
_hjIncludedInSample 1 year A session cookie used by Hotjar to record whether a visitor is included in the sample set
Session cookie Used to maintain a user's login session.
Cookie name Expiration time Description
cosmic_session 2 hours Stores a session ID, allowing the site to keep the user logged in between requests.
Genome version COSMIC annotates features on two versions of the human genome and the website lets users switch between them using a menu dropdown.
Cookie name Expiration time Description
genome_version persistent Records which version of the genome the user has chosen
Cookie control When a user first visits COSMIC we show a banner letting them know that we will store cookies. We provide a tool allowing them to choose the broad types of cookies that we will use. The cookie control tool uses its own cookies to record the user's preferences.
Cookie name Expiration time Description
cosmic-analytics persistent Records that the user's preferences for analytics cookies
cosmic-social persistent Records that the user's preferences for social media cookies
Pagesmith Pagesmith is a toolkit that we use to build some components of the website.
Cookie name Expiration time Description
Pagesmith persistent Stores various settings for user-interface components
Page configuration Some pages in the COSMIC site, such as the gene page, can be re-ordered by dragging-and-dropping or hiding components of the page. We use cookies to keep track of the user's configuration for each individual tabbed page, so that we can set up the page in the same order on each visit. We use a separate cookie for each type of page, i.e. ordering-gene-page, visibility-mutation-page, etc.
Cookie name Expiration time Description
ordering-*
visibility-*
persistent Stores page order and component visibility for tabbed pages
Genome browser Various COSMIC pages embed the JBrowse genome browser. JBrowse uses cookies to store some information about the session.
Cookie name Expiration time Description
GenomeBrowser-location 2 months Coordinates for the region of the genome being viewed
GenomeBrowser-refseq session Stores the chromosome for the view region
GenomeBrowser-tracks 2 months Records which tracks were turned on in the genome browser
GenomeBrowser-recentTracks 2 months Records tracks that were recently used

On some pages, we use a Twitter widget to allow users to follow our Twitter account. The widget is served from the Twitter servers, rather than by our servers, so it brings with it a set of cookies specific to the twitter.com domain. You can read about Twitter's use of cookies on their site.

Logging

Website logs

Like most websites, COSMIC maintains extensive logs of the traffic on the site. These logs include details of the requests that were made, the error status or otherwise of each request, and rudimentary details of the software that was used to make the request. Every log entry includes the IP address of the computer where the request originated.

We monitor the website logs primarily to ensure quality of service and to look for abusive or disruptive behaviour. Though we do not attempt to identify users from their IP address, we reserve the right to use the logged IP address in order to implement rate limiting and blocking, in cases where we detect usage that is in breach of our acceptable use policy.

We have no mechanism within the COSMIC website to track the browsing behaviour of a specific user and we make no attempt to do so. Your browsing history cannot be correlated against your registered email address, even when you are signed in on the website.

Download logs

In addition to the logging performed by the web servers that run the COSMIC website, we maintain separate, additional logs related to the downloading of COSMIC data. These logs are correlated with your registered email address, since you must be signed into the website in order to download data. When a user downloads a file via our download page, we log their registered email address, the file that they have downloaded, and a timestamp.

Download logs are recorded for all three download methods: whole file downloads via the download page, filtered downloads via the download page, and whole file downloads via the download API.

We use these logs only in aggregate, such as for generating statistics about which of our files are most popular with different segments of our user base. We never use the logs for tracking the behaviour of individual users.

Sanger logs

Requests to the COSMIC website arrive at our servers via a load balancer that is operated by the Sanger web team. The Sanger load balancer also records logging information, both about COSMIC and every other website operated within Sanger. These logs are used, again, to ensure quality of service across the institute's web resources and to provide aggregate data about the range of services that the institute provides. You can read more about the data protection policies in place to protect this information in the pages documenting the legal, cookie and data sharing polices of the Wellcome Sanger Institute.

Dissemination

Log files containing user-identifiable information, such as the COSMIC download logs, are stored in our secure user account database. Access to the logs is restricted to only those members of the COSMIC team who need to use the logs for analytics or account membership purposes are given permission to connect to the database or use the administration interface. We do not distribute log data to users outside of the immediate group, and no data will ever be passed to third-parties for any purpose.

User data

Use of the COSMIC website is entirely free for all users, but we operate a registration and licensing system for the downloading of COSMIC data. Registration is free for users from academic organisations, but we apply licence fees for commercial organisations.

In order to manage our user registrations, we maintain a database of users. When you register for COSMIC we collect the following pieces of personally identifiable data:

User-identifiable data, including download logs from the COSMIC website, are stored in a separate database within in isolated network zone and backed by an encrypted filesystem. Access to the database and data is restricted to those members of the COSMIC team who are responsible for its administration, and to the Sanger database administrators who manage the database itself.

As part of the registration process you will be required to agree to our terms and conditions. When registering we recommend that you use a strong, unique password. We strongly suggest that you don't re-use passwords from other sites. If you have any reason to suspect that your password has been compromised, reset it on the account page.

Email consent

In May 2018, the General Data Protection Regulation (GDPR) came into force in the UK. GDPR is a Europe-wide set of regulations that defines, amongst other things, the rules under which companies and organisations may send emails to users.

In order to verify the academic or commercial email address for a registered user, we need to send a periodic email to that address. When registering for a COSMIC account you will therefore need to agree to receiving emails for the purpose of maintaining your account. If you do not consent to receiving these maintenance emails, we will be unable to validate your academic or licenced status and you will not be able to create a COSMIC account.

We will also ask you to consent to receiving occasional information emails. These information emails will be low frequency and will be restricted to notifying you of important events, such as new COSMIC releases, advanced warning of system downtime, etc.

Your registered email address will be held in strictest confidence within COSMIC. It will never be passed on to third-parties and will not be used for emails that are unrelated to COSMIC.

Social media

COSMIC operates several social media accounts, including Twitter (@cosmic_sanger) and Facebook (cosmic.sanger). We use these accounts purely as a way of engaging with users and keeping them abreast of developments within COSMIC. We do not track or otherwise record followers, likes or other interactions through our social media accounts.

Use of any social media account has associated privacy and security implications and we would encourage users to make themselves aware of the privacy issues surrounding these platforms.