Privacy Policy

This Chan Zuckerberg Biohub, Inc. (“Biohub,” “we,” “us”) Privacy Policy (“Privacy Policy”) provides information on how we collect, use, maintain, and disclose personal information about you in connection with your use of Biohub’s digital platforms including biohub.org (the “Site”), and any other products and projects of Biohub that state that this Privacy Policy applies to our collection of personal information (collectively “the Services”). This Privacy Policy does not apply to products, programs, or activities of Biohub that do not incorporate this Privacy Policy by reference.

By accessing and using the Services, you are accepting the terms of this Privacy Policy, which may be updated and amended from time to time. By accepting this Privacy Policy, you agree that Biohub is the “controller” of your personal information processed in connection with the Services. If you don’t agree with this Privacy Policy, do not access or use the Services.

California residents can find specific disclosures, including “Notice at Collection” details, in the California Privacy Rights section below.

The personal information we collect depends on how you interact with us, the Services you use, and the choices you make. We collect information about you from different sources and in various ways when you use our Services, including information you provide directly, information collected automatically, information from third-party data sources, and data we infer or generate from other data.

Information you provide directly. We collect certain information from you when you provide it to us directly. For example:

• Name and contact information, including contact details such as email address or phone number.
• Account access information. If you create an account, we will collect information such as a username in combination with a password, security or access code, or other credential that allows access to your account.
• Professional and employment related information, such as details about your employer and your job title.
• Subscribing to our Technology Publisher or Newsletter. When you sign up to receive our Technology Publisher or newsletter, you provide us with certain personal identifiers, such as your first and last names and your email address.
• User Support. If you email us with a support request or comment at one of our email addresses published on our Services, you may provide us with personal identifiers such as your contact information and a description of the issue so that we can respond.
• User Submissions. If you decide to submit data or other content to the Services, we will collect this information and associate it with you. Additionally, when you use the Services to generate results, analyses, or other outputs, we may collect and store those outputs.
• Surveys and Feedback. If you decide to respond to a survey or send us feedback, we may collect personal identifiers and information about your interests or preferences.
• Event or Training. If you decide to register or attend an event or training we may collect personal identifiers or audio or visual information from you.

Information we collect automatically. When you use our Services, certain information gets created and logged automatically; the same is true when you visit our Services. Here’s what we collect:

• Log data. When you visit our websites (whether on your computer or on a mobile device), we gather certain internet or other electronic network activity information automatically and store it in log files. This information includes IP addresses, the Internet Service Provider, referring/exit pages, date/time stamps, clickstream data, login/logout times, and duration of time spent on our websites.
• Device data. In addition to log data, we collect information about the device you’re using to access the websites; this includes the type of device, browser type, operating system, settings, unique device identifiers, and crash data that helps us understand when something goes wrong.
• Cookie Information. We also use cookies (small text files sent by your computer each time you visit our Services that are unique to your device or your browser) and similar technologies. These cookies share internet or other electronic network activity and general geolocation data with certain service providers. For example, we utilize Google Analytics, a web analysis service provided by Google, to collect certain personal information, such as how often users visit the Services or what pages they visit. To learn more about how Google collects and processes personal information, please visit here. For more information about how to opt out of having your personal information used by Google Analytics, visit here. See this FAQ for more information about cookies and the choices you have to control them.

Information we obtain from other sources. We may also receive personal information about you from other sources, including third parties, partners, our affiliates, or publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check where permitted by law.

Sensitive Personal Information. We may collect sensitive personal information that you voluntarily provide in different contexts, such as when you apply for a job at Biohub or submit a grant application or proposal. The types of sensitive personal information we may collect include information you choose to self-report concerning protected classifications under California law, U.S. federal law, or other applicable data protection laws and regulations, such as race, ethnicity, nationality, citizenship or citizenship status, gender identity, sexual orientation, religion, political or philosophical beliefs, medical or physical conditions, or disabilities.

• Job Applications: If you apply for a job, we may use this information to evaluate and improve our recruiting programs and to comply with government reporting obligations. We may also collect health information to evaluate requests for reasonable accommodations for qualified individuals with disabilities. We do not use sensitive personal information in hiring decisions. For more details, please see our Equal Employment Opportunity Policy.
• Grant Applications: If you apply for or receive a grant, we may use this information to inform our grantmaking strategy, evaluate programs, and fulfill reporting or compliance obligations associated with our philanthropic activities. We may also collect government identifiers, such as a tax ID, in order to process and manage payments to you from Biohub, as applicable.

We do not combine sensitive personal information provided in connection with job applications with information provided in connection with grantmaking.

We use the personal information we collect for the purposes described in this Privacy Policy or as otherwise disclosed to you. The purposes vary depending on your relationship with us (for example, whether you are a product user, grantee, job applicant, or website visitor).

General Purposes

We use personal information for:

• Product and service delivery. To provide and deliver our Services, including troubleshooting, improving, and personalizing those Services.
• Organizational operations. To operate our organization, such as accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations.
• Product improvement, development, and research. To develop new services or features and to conduct research.
• Personalization. To understand you and your preferences to enhance your experience and enjoyment using our Services.
• Communications. To send you information, including confirmations, technical notices, updates, security alerts, and support and administrative messages.
• Information you’ve requested. To inform you — via the email address you provide us — of other initiatives, news, requests for applications, and job opportunities related to Biohub. We may also collect your phone number to send you text messages, but only with your consent, and we will not share this information with third parties for their own marketing or promotional purposes.
• Marketing/Advertising. To communicate with you about new services, offers, promotions, upcoming events, and other information about our Services. We may also display targeted advertising about our services to you on third-party platforms (e.g., social media platforms).

Our website does not include advertisements for third-party goods and services. However, we may use advertising, on our Services or on other third party websites, to promote the products, programs, and services that we provide and/or support. Subject to your settings, we may use your email address or cookies to direct ads for our own programs to you on third-party sites.

Please review this FAQ to learn more about how we use third party cookies and to exercise your control and choice over their use, including advertising.

Job Applicant and Recruitment Purposes

When you apply for a job with Biohub, we use your personal information to:

• Make hiring decisions, including assessing your skills and qualifications for particular roles.
• Manage logistics of the hiring process, such as arranging interviews.
• Identify and attract candidates to work at Biohub.
• Improve our recruitment and hiring process.
• Help ensure that our hiring aligns with Biohub’s commitment to merit-based equal employment opportunities, including analyzing the data we collect.
• Comply with legal obligations, satisfy document retention requirements, and defend against legal claims.

For more information, please see our Privacy Policy for Job Applicants.

Grantmaking and Philanthropic Purposes

When you engage with us as a grant applicant, grantee, venture partner, or participant in our philanthropic initiatives, we use your information to:

• Administer, analyze, evaluate, and improve our grantmaking or venture investment processes.
• Deliver, evaluate, and improve training offerings for grantees.
• Engage with other organizations on shared philanthropic work, including developing new programs.
• Administer and support contracts with our suppliers.
• Develop public-facing communications materials (e.g., video or audio recordings, social media posts, blog posts, or similar resources).
• Provide information you have requested, such as newsletters, or inform you of new or related resources and services.
• Communicate with you about a grant application, proposal, or opportunity, and respond to inquiries or submissions.

We retain personal information for as long as necessary to provide the Services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and for other legitimate and lawful purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of controls that enable users to delete data, and our legal or contractual obligations.

We disclose personal information with your consent or as we determine necessary to complete your transactions or provide the services you have requested or authorized. In addition, we disclose each of the categories of personal information described above, to the types of third parties described below, for the purposes described in this Privacy Policy:

• Service Providers and Vendors. Biohub works with vendors, service providers, and other partners that help us provide the Services on our behalf. These services are, for example, sending emails, performing statistical analysis, database management services, database hosting, providing customer support software, survey providers, and security. In the course of providing these services, our service providers may have access to your personal information.
• Biohub Entities and Affiliates. We enable access to personal information across our affiliates and related entities, for example, where we share common data systems or where access helps us to operate our organization and provide our Services. Our affiliates include entities that are under common control and ownership, but do not include Meta Platforms, Inc. (Meta) or any Meta affiliates.
• Reorganization, Sale, or Merger. We may share your personal information in connection with a merger, reorganization, acquisition, joint venture, divestiture, dissolution, liquidation, or sale of all or a portion of our organization or assets related to Biohub.
• Legal and law enforcement. We will access, disclose, and preserve personal information when we believe doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement, national security, or other government agencies.
• Security, safety, and protecting rights. We will disclose personal information if we believe it is necessary to: protect our users and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone; operate and maintain the security of our Services, including to prevent or stop an attack on our computer systems or networks; or protect the rights or property of ourselves or others, including enforcing our agreements, terms, and policies.

Third party analytics and targeted advertising providers also collect personal information through our Services including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, usage data, and inferences based on and associated with that data, as described in this FAQ. These third-party vendors may combine this data across multiple sites to improve analytics for their own purpose and others.

Some of the data disclosures to these third parties may be considered a “sale” or “sharing” of personal information as defined under the laws of California and other U.S. states. These third parties use the data we provide for analytics or to help us advertise our own services — not for their own direct marketing or advertising purposes. Please see the “Choices and Rights Over Your Personal Information” and “California Privacy Rights” sections below for more details.

Some of our services may also include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide personal information to any of those third parties, or allow us to share personal information with them, that data is governed by their privacy policies.

Finally, we may disclose de-identified information in accordance with applicable law.

Rights. You have the following rights with respect to the personal information we have about you:

• Delete data. You can ask us to erase or delete all or some of your personal information subject to our legal obligations and lawful exceptions.
• Change or correct personal information. You can also ask us to change, update, or fix your data in certain cases, particularly if it’s inaccurate.
• Object to, limit, or restrict use of personal information. You can ask us to stop using all or some of your personal information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal information is inaccurate or unlawfully held).
• Right to access and/or take your personal information. You can ask us for a copy of your personal information in machine-readable form.
• The right to notice. You have a right to receive notice of our personal information collection, use, retention, and disclosure practices at or before collection of personal information.
• The right not to be discriminated against. Biohub will not discriminate against you in any manner for exercising any of the above rights with respect to your personal information.

Contact us at privacy@biohub.org if you have questions or would like to exercise any rights you have under applicable law to control your personal information. Before processing your request to access, change, or delete personal information, we will take reasonable steps to verify your identity, which may include verifying that the email address from which you submit the request matches the email address we maintain on file for you. In some cases, we may ask that you provide additional information or take additional actions to verify your identity. You can also have an authorized agent email us to make a request on your behalf. The authorized agent will be required to provide proof that they have been authorized to act on your behalf. If the authorized agent does not provide such proof, you will be required to confirm your identity and the authenticity of the request.

If you would like to appeal a Biohub decision with respect to a request to exercise any of these rights, please email us at privacy@biohub.org and explain the basis for your appeal. If you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.

Additional Controls. You have choices available to you through the device you use to access the Services. For example, your browser may let you control cookies and other types of local data storage.

Targeted Advertising. To opt-out from or otherwise control the use of data collected on our Services to display targeted advertising on third-party platforms, you have several options. First, you can opt-out of this practice by clicking the Do Not Sell or Share My Personal Information link or the link provided in the footer of the website and turn off the toggle switch for Marketing and Social Media Cookies. Or you can use the Global Privacy Control (“GPC”) setting in a web browser or browser extension as described below. You can use the opt-out controls offered by the organizations our advertising partners may participate in, which you can access at:

• United States: NAI (https://optout.networkadvertising.org) and DAA (https://optout.aboutads.info/)
• Canada: Digital Advertising Alliance of Canada (https://youradchoices.ca/)
• Europe: European Digital Advertising Alliance (https://www.youronlinechoices.com/)

Or, you can use the other cookie or mobile ID controls described below.

These choices are specific to the device or browser you are using. If you access our Services from other devices or browsers, take these actions from those devices or browsers to ensure your choices apply to the data collected when you use them.

Data sales. Some privacy laws define “sale” broadly to include some of the disclosures described in the “Disclosing Your Personal Information” section above, in particular those related to targeted advertising. To opt-out from such data “sales” you may use the targeted advertising controls described above.

Browser or platform controls.

• Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our Site. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.
• Global Privacy Control. Certain browsers or browser extensions enable you to instruct websites not to share your personal information for cross-contextual behavioral advertising via the GPC. If you have activated GPC in your browser or extension, we will honor those requests that our Sites can recognize by disabling targeting cookies and similar technologies. Please be aware that we may not always be able to link an opt-out preference signal to other user data, such as your email address.
• Do Not Track. Some browsers include a “Do Not Track” (DNT) setting that can send a signal to the websites you visit indicating you do not wish to be tracked. Unlike the GPC described above, there is not a common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the GPC, cookie controls, and advertising controls described above.
• Mobile advertising ID controls. iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.

Email web beacons. Most email clients have settings that allow you to prevent the automatic downloading of images, including web beacons, and the automatic connection to the web servers that host those images.

If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (CCPA), you have certain rights with respect to that information.

Notice at Collection. At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this Privacy Policy.

Right to Know. You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that we have provided much of this information in this Privacy Policy. You may make such a “request to know” using the email address in the “Contact Information” section at the end of this Privacy Policy.

Rights to Request Correction or Deletion. You also have rights to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to correct or delete, please use the contact details provided in the Contact Information section at the end of this Privacy Policy.

Right to Opt-Out / “Do Not Sell or Share My Personal Information”. You have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA.

Note that the CCPA defines “sell,” “share” and “personal information” very broadly, and some of our data disclosures described in this Privacy Policy may be considered a “sale” or “sharing” under those definitions, in particular those related to targeted advertising.

In the past 12 months, we have sold or “shared” the following categories of personal information: (1) identifiers; (2) internet or other electronic network activity; (3) geolocation data; and (4) inferences drawn from internet or other electronic network activity. To opt-out from “sales” or “sharing” of personal information, you can click the Do Not Sell or Share My Personal Information link or use the GPC described in the “Choices and Rights Over Your Personal Information” section of this Privacy Policy.

We do not knowingly sell or share the personal information of minors under 16 years of age.

Right to Limit Use and Disclosure of Sensitive Personal Information. You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law. Note that we do not use sensitive personal information for any such additional purposes.

Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA.

Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law.

CZI is based in the United States. When you engage with our Services, you are sending personal information into the United States which may have different data protection rules than those of your country. We process data both inside and outside of the United States. When we transfer data across borders, we do so in accordance with law and we take steps to process and protect personal information as described in this Privacy Policy wherever the data is located. For example, for those located in the European Economic Area (EEA), Switzerland, or the United Kingdom (UK), if we transfer your personal information to a place that does not have a similar degree of protection for personal information, we will use measures to protect your data such as Standard Contractual Clauses (SCCs).

We will collect, use, and share your personal information only where we have a legal right to do so. This section explains our legal bases for processing personal information, including under GDPR.

• Consent. We rely on consent to engage in certain data collection activities, like when you sign up for our newsletter or agree to receive text messages from us.
• Performance of a contract. We rely on the legal basis, performance of a contract, when we need to process your information in order to fulfill our contract with you.
• Legitimate Interests. We rely on legitimate interests to process the data we collect when you browse or use our Services. We have a legitimate interest in understanding what you found valuable about our Services so that we can improve them. We also have a legitimate interest in maintaining the security of our Services.

Where we rely on consent, you have the right to revoke your consent; and where we rely on legitimate interests, you have the right to object by emailing us at privacy@biohub.org.

Security of Your Information. Security of personal information is important to us. We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, alteration, and destruction. If you have any questions or concerns about security, or if you become aware of any security issues relating to our Services, please contact our security team at security@biohub.org.

Changes to This Privacy Policy. We may modify this Privacy Policy from time to time, and you can see when the last update was by looking at the “Last Updated” date at the top of this page. If we make material changes to it, we’ll provide you notice in accordance with applicable laws.

Contact Information. If you have questions or complaints regarding this Privacy Policy, please contact us at privacy@biohub.org.

Chan Zuckerberg Biohub, Inc.
2682 Middlefield Road, Suite i
Redwood City, CA 94063

To comply with article 27 of the GDPR and the United Kingdom GDPR, we have appointed a representative who can accept communications on behalf of Biohub in relation to personal information processing activities falling within the scope of the GDPR. If you wish to contact them, their details are as follows:

European GDPR Representative:
Bird & Bird GDPR Representative Services SRL
Avenue Louise 235 box 1
1050 Bruxelles
Belgium
EUrepresentative.ChanZuckerberg@twobirds.com

UK Data Protection Representative:
Bird & Bird GDPR Representative Services UK
12 New Fetter Lane
London EC4A 1JP
United Kingdom
UKrepresentative.ChanZuckerberg@twobirds.com