Privacy Policy

MIT Mobius App
Privacy Statement

Introduction

The MIT Mobius App Team under MIT Project Manus is committed to supporting the privacy of the users of Mobius.  This Privacy Statement explains how we handle and use the personal information we collect about MIT Mobius users.

What personal information we collect

While specific information may vary for particular individuals, we collect, use, store and transfer different kinds of personal information about you, which we have grouped together as follows:

  • Basic biographic/contact information –phone numbers, email addresses, billing address and social media contact information
  • Demographic information – names, MIT ID numbers and photographs
  • Credentials earned in MIT makerspaces
  • Credit Card information (passed through to CyberSource, not stored by Mobius)
  • Google Advertiser ID

How we collect personal information about you

The information is collected from MIT systems when you sign in to use Mobius, or directly entered by you through Mobius when you use the application.

How we use your personal information

We use your personal information for a number of legitimate purposes all in support of the Institute and its mission.  Specifically, we use your personal information to:

  • Identify users and verify credentials in makerspaces
  • Handle payments within MIT makerspaces (credit card data is not stored by Mobius, but transmitted securely encrypted to MIT’s payment processor, CyberSource)
  • Study usage of the app and ways to improve it
  • The Google Advertiser ID is used to identify device type in the event of an app crash; we use a framework called Crashlytics (owned by Google) to collect crash data to help us improve the app

If you have concerns about any of these purposes, or how we communicate with you, please contact Jonathan Hunt, MIT Project Manus. We will always respect a request by you to stop processing your personal information (subject to our legal obligations).

When we share your personal information

To perform the functions listed above, it may be necessary to share your personal information with software developers MIT has contracted with to work on the Mobius app.  Protection and proper use of the data is and will be a requirement of any development contract for the Mobius app.

Credit card data is passed through encrypted to CyberSource where it is stored and processed.

How your information is stored and secured

MIT uses risk-assessed administrative, technical and physical security measures to protect your personal information. User data is stored securely on MIT servers and is only accessible to authorized Project Manus staff, MIT IT operations staff, and software developers directly hired by MIT to work on the Mobius application.

How long we keep your personal information

The data is retained in accordance with applicable law, MIT Policy or until requested to be deleted by the user.

Rights for Individuals in the European Economic Area

You have the right in certain circumstances to (1) access your personal information; (2) to correct or erase information; (3) restrict processing; and (4) object to communications, direct marketing, or profiling.  To the extent applicable, the EU’s General Data Protection Regulation provides further information about your rights.  You also have the right to lodge complaints with your national or regional data protection authority.

If you are inclined to exercise these rights, we request an opportunity to discuss with you any concerns you may have. To protect the personal information we hold, we may also request further information to verify your identity when exercising these rights.  Upon a request to erase information, we will maintain a core set of personal data to ensure we do not contact you inadvertently in the future, as well as any information necessary for MIT archival purposes.  We may also need to retain some financial information for legal purposes, including US IRS compliance.  In the event of an actual or threatened legal claim, we may retain your information for purposes of establishing, defending against or exercising our rights with respect to such claim.

By providing information directly to MIT, you consent to the transfer of your personal information outside of the European Economic Area to the United States.  You understand that the current laws and regulations of the United States may not provide the same level of protection as the data and privacy laws and regulations of the EEA.

You are under no statutory or contractual obligation to provide any personal data to us.

Additional Information

We may change this Privacy Statement from time to time.  If we make any significant changes in the way we treat your personal information we will make this clear on our MIT websites or by contacting you directly.

The controller for your personal information is MIT.  If you are in the EU and wish to assert any of your applicable GDPR rights, please contact dataprotection@mit.edu.

This policy was last updated in SEPTEMBER 2018.