Privacy

Updated April 28, 2014

Protecting your privacy is very important to us. Once you leave the NRC website, you are subject to the privacy policy for the site(s) you are visiting. We do not collect any personally identifiable information (PII) about you during your visit to the Osteoporosis and Related Bone Diseases ˜ National Resource Center (NRC) website unless you choose to provide it to us. Note that the NRC pages reside within the http://www.niams.nih.gov domain (National Institute of Arthritis and Musculoskeletal and Skin Diseases [NIAMS]). We do, however, collect some data about your visit to our website to help us better understand how the public uses the site and how to make it more helpful. We collect information from visitors who read, browse, and/or download information from our website. The NRC never collects information for commercial marketing or any purpose unrelated to its mission and goals.

When visitors send e-mail messages containing personal information to the general NRC e-mail box NIHBoneInfo@mail.nih.gov, NRC staff members, or contractors hired to assist NRC in carrying out its mission, respond to the e-mails and file them. We may forward e-mails to another entity within the NIH or another government agency which may be better able to answer the inquiry. We don't share them with anyone else.

Types of information collected

When you browse through any website, certain information about your visit can be collected. We automatically collect and temporarily store the following type of information about your visit:

  • Domain from which you access the Internet
  • IP address (an IP address is a number that is automatically assigned to a computer when surfing the web)
  • Operating system and information about the browser used when visiting the site
  • Date and time of your visit
  • Pages you visited
  • Address of the website that connected you to our website (such as google.com or bing.com)

We use this information to measure the number of visitors to our site and its various sections and to help make our site more useful to visitors.

How NRC collects information

The NRC uses Webtrends measurement software and Google Analytics software to collect the information in the bulleted list in the "Types of Information Collected" section above. The software collects information automatically and continuously. No personally identifiable information is collected. The NRC staff conduct analyses and reports on the aggregated data. The reports are available only to the NRC staff and other designated staff and contractors who require this information to perform their duties.

The NRC also uses online surveys to collect opinions and feedback from a random sample of visitors. The NRC uses the ForeSee Results' American Customer Satisfaction Index (ACSI) online survey to obtain feedback and data on visitors' satisfaction with the NRC website. This survey does not collect personally identifiable information. Although the survey invitation pops up for a random sample of visitors, it is optional. If you decline the survey, you will still have access to the identical information and resources at the NRC site as those who take the survey. The reports are available only to NRC staff and other designated staff and contractors who require this information to perform their duties.

The NRC retains the data from its measurement software and ACSI survey results as long as needed to support the mission of the NRC website.

How NRC uses cookies

The Office of Management and Budget Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies, allows Federal agencies to use session and persistent cookies. When you visit any website, its server may generate a piece of text known as a "cookie" to place on your computer. The cookie allows the server to "remember" specific information about your visit while you are connected.

The cookie makes it easier for you to use the dynamic features of web pages. Cookies from NRC web pages only collect information about your browser's visit to the site; they do not collect personal information about you.

There are two types of cookies, single session (temporary) and multi-session (persistent). Session cookies last only as long as your web browser is open. Once you close your browser, the cookie disappears. Persistent cookies are stored on your computer for longer periods.

Session Cookies: We use session cookies for technical purposes such as to enable better navigation through our site. These cookies let our server know that you are continuing a visit to our site. The OMB Memo M-10-22 Guidance defines our use of session cookies as "Usage Tier 1 — Single Session." The policy says, "This tier encompasses any use of single session web measurement and customization technologies."

Persistent Cookies: We may use persistent cookies to enable our measurement software to differentiate between new and returning NRC visitors. Persistent cookies remain on your computer between visits to the NRC until they expire. We use persistent cookies to block repeated invitations to take the ACSI survey. The persistent cookies that block repeated survey invitations expire in 30 days. The OMB Memo M-10-22 Guidance defines our use of persistent cookies as "Usage Tier 2 — Multi-session without Personally Identifiable Information (PII)." The policy says, "This tier encompasses any use of multi-session web measurement and customization technologies when no PII is collected."

How to opt out or disable cookies

If you do not wish to have session or persistent cookies placed on your computer, you can disable them using your web browser. If you opt out of cookies, you will still have access to all information and resources at the NRC, but you will not be invited to take our online survey. Instructions for disabling or opting out of cookies in the most popular browsers are located at http://www.usa.gov/optout_instructions.shtml. Please note that by following the instructions to opt out of cookies, you will disable cookies from all sources, not just those from the NRC.

How personal information is protected

You do not have to give us personal information to visit the NRC website. If you choose to provide us with personally identifiable information, that is, information that is personal in nature and which may be used to identify you (for example, through an e-mail message, request for information, paper or electronic form, questionnaire, customer satisfaction survey, epidemiology research study, etc.), we will maintain the information you provide only as long as needed to respond to your question or to fulfill the stated purpose of the communication. If we store your personal information in a record system designed to retrieve information about you by personal identifier (name, personal e-mail address, home mailing address, personal or mobile phone number, etc.), so that we may contact you, we will safeguard the information you provide to us in accordance with the Privacy Act of 1974, as amended (5 U.S.C. Section 552a).

If the NRC operates a record system designed to retrieve information about you in order to accomplish its mission, a Privacy Act Notification Statement should be prominently and conspicuously displayed on the public-facing website or form which asks you to provide personally identifiable information. The notice must address the following five criteria:

  • NIH legal authorization to collect information about you
  • Purpose of the information collection
  • Routine uses for disclosure of information outside of NIH
  • Whether the request made of you is voluntary or mandatory under law
  • Effects of non-disclosure if you choose to not provide the requested information.

For further information about the NRC privacy policy concerning this website, please contact the NRC Web Manager at 301-496-8190.

Data Safeguarding and Privacy

All uses of web measurement and customization technologies will comply with existing policies with respect to privacy and data safeguarding standards. Information Technology (IT) systems owned and operated by the NRC are assessed using Privacy Impact Assessments posted for public view on the Department of Health and Human Services website (http://www.hhs.gov/pia/nih.html). Groups of records that contain information about an individual and are designed to be retrieved by the name or other personal identifier linked to the individual are covered by the Privacy Act of 1974, as amended (5 U.S.C. Section 552a). For these records, NIH Systems of Record Notices are published in the Federal Register and posted on the NIH Senior Official for Privacy website. For more information, please refer to the NIH Privacy Policy posted on the NIH.gov website. When web measurement and customization technologies are used, the Privacy Policy/Notice must state:

  • Purpose of the web measurement and/or customization technology;
  • Usage Tier, session type, and technology used;
  • Nature of the information collected;
  • Purpose and use of the information;
  • Whether and to whom the information will be disclosed;
  • Privacy safeguards applied to the information;
  • Data retention policy for the information;
  • Whether the technology is enabled by default or not and why;
  • How to opt out of the web measurement/customization technology;
  • Statement that opting-out still permits users to access comparable information or services; and,
  • Identities of all third party vendors involved in the measurement and customization process.

Data Retention and Access Limits

The NRC will retain data collected using the following technologies long enough to achieve the specified objective for which they were collected. The data generated from these activities falls under the National Archives and Records Administration (NARA) General Records Schedule (GRS) 20-item IC "Electronic Records," and will be handled per the requirements of that schedule (http://www.archives.gov/records-mgmt/grs/grs20.html).

How the NRC uses third-party websites and applications

Third-Party Websites and Applications (TPWA) are web-based technologies that are not exclusively operated or controlled by the NRC, such as non-.gov hosted applications and those embedded on one of our webpages that could cause personally identifiable information (PII) to become available or accessible to the NRC, regardless of whether the NRC solicits or collects it. Users of TPWAs often share information with the general public, user community, and/or the third-party operating the website. These actors may use this information in a variety of ways.

As part of the Open Government Directive, www.niams.nih.gov/Health_Info/Bone uses a variety of new technologies and social media options to communicate and interact with citizens. These sites and applications include popular social networking and media sites, open source software communities, and more. The following list includes the websites and applications we use and their purposes. For any sites or applications that collect PII, this list also includes details on information collected and how the NRC protects your private information.

Bit.ly

The NRC uses Bit.ly to shorten long URLs for use in email messages, NIAMS Twitter feeds and on NIAMS Facebook pages. Bit.ly collects and provides data on how often you as an email recipient or Facebook/Twitter user, click on the shortened URLs distributed by NIAMS staff. Bit.ly analytics show how many people clicked on the URLs posted by NIAMS, compared to the total number of clicks on the shortened URLs. Bit.ly analytics do not provide any PII about the visitors who open the shortened links. The Bit.ly privacy policy is available at http://bit.ly/pages/privacy NIAMS External Web Site Policy.

AddThis

The NRC uses the AddThis service to allow visitors to bookmark and share the NRC website content on a variety of social media sites. Visitors who use the AddThis service to share content do not need to register or provide any personal information. The AddThis service providers collect non-personal data, including the aggregate and summary statistics on browsers and usage patterns. AddThis also uses non-personal data to manage the service efficiently and diagnose server problems. Although AddThis offers some analytics and usage data to the NRC, these reports do not include any personally identifiable information. The reports are password protected and only available to the NRC designated staff requiring this information to perform their duties. The AddThis Privacy policy is available at: http://www.addthis.com/privacy.

Widgets

The NRC offers a variety of widgets that deliver small versions of selected NRC site content to other online locations outside of the site where the content originated. Widgets are portable pieces of code. Visitors can install the widgets on any PC or Mac webpage without requiring additional coding or configuration. The NRC widgets deliver information and links to any site or application where the widgets are installed. These widgets do not collect any type of personally identifying information from visitors who install them. The NRC widgets are located at: http://www.niams.nih.gov/Health_Info/Bone/widget.asp.

YouTube

The NRC may post videos on YouTube to make them available to all of our visitors. You do not need to register with either YouTube or Google (YouTube owner) to watch our videos. When visitors watch videos, YouTube may record non-personally identifiable information about its site usage, such as channels used, videos watched, and data transfer details, to improve its services. If you log on to the YouTube site before watching our videos, YouTube may associate information about your site use with your YouTube account. Commenting on a video while you are logged in would allow others to see information about you associated with your comment; however, when we do post videos, we do not allow viewers to comment at this time. The YouTube privacy policy is available at: http://www.youtube.com/t/privacy NIAMS External Web Site Policy.