Journey North Privacy Notice

Journey North is part of the University of Wisconsin-Madison. Your use of this website is governed by UW-Madison’s Privacy Notice as well as this supplemental notice. We value the privacy of the Journey North community and strive to protect individual privacy by:

  • informing individuals about our practices
  • collecting the minimum amount of personal data necessary for legitimate business purposes and legal compliance
  • limiting access to personal data to appropriate individuals
  • using appropriate physical and technical security measures to protect personal data
  • integrating privacy principles in the design of projects that involve the use of personal data

This policy explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. In order to operate the Services and to maximize your experience of the Services, we may collect and use information, some of which may be considered personal data in your country. Please note that you may choose not to provide us with certain information; by doing so, however, you may not be able to receive the full range of Services from us. If you do not agree with this policy, do not access or use our Services.

  1. DEFINITIONS

In this notice, “personal data” is defined as any recorded information that is about you and from which you can be identified.  It does not include data where your identity has been removed—anonymous data.   Personal data “processing” refers to anything that we do with that information—including collection, use, storage, disclosure, deletion or retention.

“Services” refers to the range of products and services that support Journey North’s scientific research, conservation, education, public outreach, and fundraising and promotional activities.

“We” and “us” refers to the University of Wisconsin-Madison, of which the University of Wisconsin-Madison Arboretum and Journey North are a part.

  1. TYPES OF PERSONAL DATA THAT JOURNEY NORTH COLLECTS  
    1. Information that you provide directly to us in connection with your use of Journey North, such as:
      1. Information that you provide when you register for an account
      2. Content that you post, send, receive, and share, such as:
        1. Bird, butterfly, and other phenological information, including location information
        2. Photos, including images of recognizable people
        3. Videos
        4. Sounds
        5. Comments
      3. Information you provide when contacting our customer support team, such as contact information, a summary of the problem you are experiencing, and any other documentation, screenshots, or information that would be helpful in resolving the issue
      4. Location information about your school when participating in the Symbolic Migration, Habitat and Tulip Test Garden projects. This location information appears directly on Journey North maps along with photos submitted. Do not submit photos containing images of children (individuals younger than 18 years old) without first obtaining appropriate permissions from parents or guardians for the information to be displayed on the Journey North website. Do not submit photos of other individuals without their permission.
      5. Information that you provide to us through social media (Facebook, Twitter, etc.)
      6. Email and other site-specific preferences that you set
    2. Other information we collect
      1. To understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences, we collect contact information, IP address, country preference, browser type, internet service provider, pages visited, operating system, date and time of visit, location information, and other information collected through cookies when you use the Journey North website.
      2. Information about the links and buttons you click on, the type, size, and filenames of files you upload, and frequently used search terms
      3. We collect “click stream” data about how you interact with and use features of Journey North
  1. How we use your data
    1. To enable you to use Journey North Services and to personalize your experience.

We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services. Our Services also include tailored features that personalize your experience by automatically analyzing your activities on our Services to provide search results, activity feeds, notifications, connections and recommendations that are most relevant for you. Where you use multiple Services, we combine information about you and your activities to provide an integrated experience, such as to allow you to find information from one Service while searching from another or to present relevant Services information as you travel across our websites.

We also use your information to resolve technical issues you encounter, to respond to your requests for assistance, to repair and improve the Services, and to verify accounts and activity in order to monitor suspicious or fraudulent activity.

2. For research and development related to the Services.

We are continually looking for ways to improve our Services. We use information about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services. In some cases, we apply these learnings across our Services to improve and develop similar features or to better integrate the services you use. We also test and analyze certain new features with some users before rolling the feature out to all users.

3. To foster engagement with the Journey North community.

As you engage in Journey North, you will often create/upload data and content (i.e. sightings, photos, comments, etc.), which may contain information about you, and grant permission to others to see, share, edit, copy, and download that content based on settings you select. Some or all of your profile information may be visible to other Journey North users when you share or interact with specific content. Journey North provides you several ways to manage your preferences. For example, you can manage the way your name appears and the photo content you chose to upload.

Our websites offer publicly accessible community interactions via a secure website emailing system which allows Journey North observers to contact each other without viewing individual email addresses. You do not need to reply to these email communications.

​​​​​​​4. To communicate with you

We use your contact information to send communications, including responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages.

To support our mission, we may send requests to support Journey North via email and social media channels. You can easily opt-out of these communications by clicking the ‘unsubscribe’ link at the bottom of any fundraising e-mail you receive. The generosity of donors makes Journey North possible.

We may provide tailored communications based on your activity and interactions with us. These communications are designed to help you become more proficient in using Journey North, and in most cases you cannot opt out of them. If an opt out is available, you will find that option within the communication itself or in your account settings.​​​​​​​

5. To promote Journey North and/or the UW-Madison Arboretum

We may use, and authorize others to use, any observational data that you submit to Journey North both on the Journey North website and in publications or other media, including but not limited to brochures, news updates, newsletters, papers, magazine, televisions, and websites, for education, research, and promotional and fundraising purposes. Do not submit to Journey North material that you do not have permission to share, and to authorize Journey North to share with others. ​​​​​​​

6. For scientific research purposes

The Journey North program is a citizen-science project intended to benefit the entire scientific research community and the public at large. Therefore, if you participate in any Journey North citizen-science projects, you grant the Board of Regents of the UW System, and their employees and agents, as well as their collaborators, permission to use your contributions in any way to further this goal. We will do our best us to protect your data and your privacy to the extent that it does not impede scientific research. We ask you to grant us these broad permissions because they allow us to keep the data available; this is important because the legal environment can change and we need to be able to respond without obtaining permission from every single Journey North user.

  1. How we share your data

We may share your data with third parties who contract with the Journey North to help administer our operations.  All of our third-party service providers are required to take appropriate security measures to protect your data in line with our policies.  We do not allow them to use your data for their own purposes.  We permit them to process your data only for specified purposes in accordance with our instructions.

We may also share your personal data with third parties to comply with any legal obligation, administer a contract you have with the university, and/or assist university-affiliated programs regarding contacting you about goods, services, charitable giving, or experiences that may be of personal interest.

Some of our Services contain widgets and social media features, such as the Twitter “tweet” button. These widgets and features collect your IP address, which page you are visiting on the Services, and may set a cookie to enable the feature to function properly. Widgets and social media features are either hosted by a third party or hosted directly by Journey North. Your interactions with these features are governed by the privacy policy of the company providing it.

We may share information with third parties conducting scientific research using our datasets. In these cases, your identity is pseudo-anonymized using a unique ID so that your activities and data are not associated with your real world identity.

We share information about you with third parties when you give us consent to do so. For example, we display personal testimonials of satisfied participants and supporters on our public websites. With your consent, we may post your name alongside the testimonial.

Other circumstances where we may need to share your personal data with third parties include when it is necessary to protect the health and safety of you or others.

Where your data is shared with third parties, we will seek to share only the necessary pertinent information.

  1. How we secure and store your information

We have physical servers in Madison, WI that we use to store data. We also use cloud data hosting service providers in the United States to host the information we collect, and we use technical measures and industry best practices to secure your data.

While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

If you submitted citizen-science or any scientific research data to Journey North, these data will be retained for an indefinite amount of time.

We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, for research purposes, to continue to develop and improve our Services, and to comply with any applicable records retention schedules.

  1. Other important information
    1. Our Policy Regarding Children

While Journey North provides many educational materials intended to be used by educators, students and youth, we do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us.

Children under 13 must be guided by an adult in the use of our Services. ​​​​​​​

2. Guidance regarding submission of material to Journey North

Do not upload to Journey North any material that you do not have full rights to share. Only upload photographs that you have taken yourself and are your original work and not subject to any obligation to someone else. Do not upload identifiable images of people other than yourself without first obtaining permission for the person in the photograph. ​​​​​​​

3. Cookies and Tracking Notice

A description of how Journey North uses cookies and certain other data from its websites is located in Cookies and Tracking on UW-Madison websites

  1. Privacy Notice Updates

Updates to UW-Madison’s privacy notice will be posted at that site; updates to this supplemental Journey North privacy website will be posted here. We may change this privacy policy from time to time. We will post any Journey North privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on our homepages, login screens, or by sending you an email notification. We encourage you to review our privacy policy often to stay informed about our information practices and the ways you can help protect your privacy.

If you disagree with any changes to this privacy policy, you will need to stop using our services and deactivate your account(s).

GDPR Privacy Notice

NOTICE SPECIFIC TO PERSONS WITHIN THE EUROPEAN UNION (EU) AND/OR THE EUROPEAN ECONOMIC AREA (EEA)

If you are located in the EU or EEA, then our processing of your personal data may be subject to the General Data Protection Regulation, or the “GDPR”)GDPR is a data privacy law that applies to personal data collected in or from the EU or EEA. Journey North is part of the University of Wisconsin-Madison. Your use of this website is governed by UW-Madison’s GDPR Privacy Notice as well as this supplemental notice, which outlines the collection, use, and disclosure of personal data provided to Journey North by individual users of Journey North while located in the EU and/or the EEA.

When you submit information to Journey North or use Journey North’s websites and/or other electronic services, you consent to the collection, use, and disclosure of that information as described in this Privacy Notice.  Please also see our GDPR resources webpage for more information.  https://it.wisc.edu/about/division-of-information-technology/strategic-operations-departments-people/cybersecurity/general-data-protection-regulation-gdpr/

Where GDPR applies, we do not knowingly collect personal data from children under age 16 (or such lower age permitted under applicable local law not being lower than 13).

  1. PERSONAL DATA COLLECTED

We collect personal data from visitors and users of Journey North’s website and services such as browser and device type, IP address, and pages visited.  We also gather the data that is entered into various web forms.  The personal data is used to respond to your inquiries and to conduct analytics to maintain and improve our websites and mobile platforms as well as provide you with relevant marketing and other communications.

The legal basis for this type of data use includes: (1) facilitating transactions requested by you and to meet our contractual obligations, e.g., enabling you to use Journey North according to its terms of use; (2) UW-Madison’s legitimate interests (such as analytics, requesting gifts or donations); (3) complying with a legal obligation; and (4) your consent, where applicable.

  1. HOW WE USE PERSONAL DATA

We use personal data in a variety of ways including those identified above.  Below is a summary of the different purposes for which we use your personal data that includes the uses above as well as some additional uses.  Under certain circumstances, these additional uses may be based on your consent, or may be necessary to fulfill our contractual commitments to you, for legal compliance, or to serve our legitimate interest in the following operations:

  • Responding to your requests or inquiries
  • Carrying out our business operations and administering our educational programs and services
  • Acquiring feedback through research, surveys and similar inquiries to increase our understanding of trends and needs individuals using our websites or other services
  • Requesting and processing gifts and donations
  • Compiling statistics and conducting surveys and research for internal and statutory reporting purposes
  • Preventing, investigating, and addressing fraud, unlawful or criminal activity, other misconduct, security or technical issues, or unauthorized access to or use of personal data, our website or data systems
  • Meeting legal obligations including responding to subpoenas, court orders, or other legal process, enforcing our agreements, and protecting the health, safety, rights or property of you, the university, and others
  • Providing communications, announcements, and other information that may be of interest to you
  • Engaging analytics to prepare marketing, promotions and advertising, either directly or  through third parties, that may be of interest to you
  1. LEGAL BASES FOR PROCESSINGLEGITIMATE INTERESTS

Under GDPR, there are several legal bases on which data is processed at UW-Madison.  As noted above, this may include your consent, where it is necessary for entering into or for the performance of a contract, or where it is necessary for the university’s legitimate interests.  Below are several legitimate interests on which the university relies in using and sharing your personal data:

Under certain circumstances, these additional uses may be based on your consent, or may be necessary to fulfill our contractual commitments to you, for legal compliance, or to serve our legitimate interest in the following operations:

  • Providing and improving our educational programs
  • Furthering research and understanding in fields of academic study
  • Engaging donors and prospective donors, and connecting them with others
  • Conducting and growing the university’s operations
  • Ensuring the safety and security of members of the campus community 
  • Meeting the university’s institutional obligations and enforcing our legal rights
  • Evaluating and improving our online platforms and user experience
  • Protecting against fraud, spam, harassment, intellectual property infringement, crime and security risks
  • Cybersecurity
  • Providing opportunities to volunteer and to attend university events 
  1. YOUR RIGHTS

In light of UW-Madison’s data processing activities that are subject to GDPR, UW-Madison strives to facilitate the exercise of the rights granted to you by GDPR in a timely manner.  This includes ensuring the 

  • Rights to confirm, access, correct and other requests— You have the right to obtain information about the personal data we process about you as well as a copy of the data.  Additionally, and under certain circumstances, you may have the right to correct or update any of your personal data that is inaccurate, to request the deletion of your personal data, to restrict or limit the ways in which we use your data, and to request transfer of your personal data to another party.  Upon a reasonable, good faith request, we will provide you with information about whether we hold any of your personal data as part of our EU/EEA processing activities to the extent required by and in accordance with applicable law. 
  • Right to object—You have the right to follow opt-out instructions in our marketing emails and to object to any processing of your personal data based on your specific situation.  In the latter case, we will assess your request and provide a reply in a timely manner according to our legal obligations.
  • Right to withdraw consent—You have the right to withdraw your consent at any time for all data processing operations that are consent-based and we will stop those processing operations subject to certain legal limitations.  In some cases, you can do this by discontinuing use of the services involved in the EU/EEA processing activities.  This may include closing all of your online accounts with the university and contacting us at gdpr-program@wisc.edu to request that your personal data be deleted.  If you withdraw your consent to the use or sharing of your personal data for the purposes described in this or other UW-Madison privacy statements that link to or expressly adopt this privacy notice, you may not have access to the related services, and we might not be able to provide you all (or any) of the services. 

Note: In certain cases, we may continue to process your personal data after you have withdrawn consent and requested that we delete your personal data if there is a legal basis to do so.  For example, we may retain certain data if we need to do so to comply with a legal obligation, if we still need the data for the lawful purposes for which we obtained the data, or if it is necessary to do so to pursue our legitimate interest in keeping our services and operations safe and secure.

When you make requests based on the rights listed above, you may be asked for further personal information to confirm your identity and used solely for the purposes of responding to your request.

  1. RETENTION PERIOD

Personal data in is kept on record at UW-Madison only as long as necessary for the purposes it was collected and processed.  The disposition of your information is subject to the retention periods of applicable state and federal law.  Retention periods vary and are established considering our legitimate interests and all applicable legal requirements.  If you consented to the use of your information, you have the right to withdraw consent without affecting the university’s lawful use of the information prior to receiving your request to withdraw consent.  Please see university record retention schedules and disposition at https://www.library.wisc.edu/archives/records-management/retention-disposition/

  1. INTERNATIONAL DATA TRANSFERS

When you interact with Journey North either directly or through a third party, your personal information is transferred to the United States.  The United States currently is not deemed by the European Commission to have an adequate level of legal protections for personal data information.  UW-Madison relies on appropriate or suitable safeguards or specific derogations recognized under data protection laws including the GDPR.  In particular, we rely on your explicit consent for some of the data transfers and on necessity for the performance of a contract or the implementation of pre-contractual measures taken at your request (e.g., for the transfer of personal data necessary for you to use the Journey North services in accordance with Journey North’s terms of use).  We may also use Standard Contractual Clauses specifically adopted by the European Commission to provide safeguards for personal data transferred outside of the EU/EEA

  1. NOTICE UPDATES

Updates to UW-Madison’s GDPR privacy notice will be posted at that site; updates to this supplemental Journey North privacy website will be posted here.  Please check the date our statement was last updated at the top of this page.

  1. CONCERNS

If you have any concerns or questions regarding your personal data use, please contact gdpr-program@wisc.edu.  We will respond to your request in a timely manner and will do our best to address your concern.  However, if you believe we have not been able to deal with your concern appropriately, you have a right to complain to your local data protection authority, as granted by Article 77 of GDPR.  You also have the right to submit a complaint in the EU/EEA Member State of your residence, place of work or of an alleged infringement of GDPR.

Revised: June 13, 2019