Privacy on the GBC website

This Privacy Policy explains what personal data is collected by the GBC website. It tells you why we collect your data, how it is processed, and how we keep it secure. It also gives you the contact details you need if you have any queries or requests concerning your data. For privacy information relating to cookies, see the cookies page.


The Public Website (

The data we collect: if you browse the public website then the following information is logged by our server: your browser, operating system, IP address, the date and time of your visit, the pages visited, and the amount of data transferred.

Why we collect the data: the data are used to monitor for suspicious activities (e.g., attempts to hack the site), to diagnose problems on the site, and to create anonymous usage statistics. We do not attempt to identify or profile individuals based on these data.

Lawful basis for processing the data: processing these data is necessary for our legitimate interest of allowing the website to remain secure and robust.

Who has access to the data: personal data are only accessible to staff at the GBC secretariat who work on the website and the SiteGround support team (see ‘Third party processors’ below).

Data transfer: these data are located on a server in the UK and are not transferred to any other country.

Data retention: we will keep web logs and security logs for a maximum of one year before anonymising them.

Third party processors: the GBC web server was created using the cloud hosting service SiteGround. The personal data outlined above are stored on the GBC’s SiteGround server. The SiteGround support team has access to the server so they can fix problems on it and upgrade it, but personal data are not processed further by them or transferred to another organization. See the SiteGround Terms and Policies for how SiteGround complies with the General Data Protection Regulation (GDPR). For privacy questions concerning SiteGround see the SiteGround privacy policy or contact .


Your rights

Under the General Data Protection Regulation (GDPR) you have a number of rights concerning your data (see the ICO website for an overview of these). If you want to exercise these rights (e.g., to access, modify, or erase your data) then please contact the Data Controller.

You have the right to:

1. Not be subject to decisions based solely on an automated processing of data (i.e., without human intervention) without you having your views taken into consideration.
2. Request at reasonable intervals and without excessive delay or expense, information about the personal data processed about you. Under your request we will inform you in writing about, for example, the origin of the personal data or the preservation period.
3. Request information to understand data processing activities when the results of these activities are applied to you.
4. Object at any time to the processing of your personal data unless we can demonstrate that we have legitimate reasons to process your personal data.
5. Request free of charge and without excessive delay rectification or erasure of your personal data.
6. It must be clarified that rights 4 and 5 are only available whenever the processing of your personal data is not necessary to:
● Comply with a legal obligation.
● Perform a task carried out in the public interest.
● Exercise authority as a data controller.
● Archive for purposes in the public interest, or for historical research purposes, or for statistical purposes.
● Establish, exercise or defend legal claims.

If you want to exercise these rights then please contact the Data Controller.


Data controller

Chuck Cook, Global Biodata Coalition Program Manager

Last update: 20 April 2020