ORCID Privacy Notice
Effective Date: January 1, 2025
This Privacy Notice (“Notice”) explains how ORCID (“ORCID”, “we”, “us”, or “our”) collects, uses, and discloses information about ORCID users and others who visit ORCID websites and use ORCID services (“the Services”). The term “you” refers to you as a user of ORCID. ORCID is a consortium of technology partners led by DISH Wireless LLC. This Notice applies only to the ORCID website and Services. Other DISH services and websites are governed by separate privacy notices.
California Notice at Collection
We collect the categories of personal information (as defined in the California Consumer Privacy Act (CCPA)) listed in the table below.
| Category of Personal Information Collected | Sold or Shared |
|---|---|
| Identifiers, including names, postal addresses, email addresses, online identifiers, IP addresses, account names, and other similar identifiers. | No |
| Personal information categories listed in the California Customer Records statute. | No |
| Internet or other electronic network activity information, including information regarding interactions with an internet website, application, or advertisement. | No |
| Imprecise geolocation data, such as general location of devices or IP address. | No |
| Sensitive personal information: account log-in information in combination with passwords. | No |
As further described in this Notice, we generally collect and use the above-listed categories of personal information to provide and manage the Services and achieve legitimate business or commercial purposes.
We retain each category of personal information that we collect for as long as necessary to fulfill the purposes described in this Notice, including to satisfy legal or reporting requirements.
More information, including a description of your legal rights, can be found below in the ‘State Privacy Rights’ section.
Personal Information We Collect
How We Use Personal Information
Personal Information We Disclose
Information Choices and Changes
Network and Information Security
State Privacy Rights
EEA/UK Residents
Questions or Concerns
Changes to This Notice
Personal Information We Collect
Account information:
We collect and maintain regular business records containing information about you that may constitute personal information, such as, among other things: your name, address, e-mail address, logins and password, used to access the Services and other account information.
Usage information:
When you use our Services, we and/or third parties automatically collect usage information, including application usage data and logs, device type and ID, IP address, and location information. This usage information may be in various formats (electronic, audio, and other), and may be collected through our Services.
Cookies, and Other Technologies:
Our Services may be provided through Internet websites or other platforms operated by us, our affiliates, and/or other companies. Information regarding your use of our website(s) is collected while you are on the site(s), and may include browsing activity, and IP address. We and/or other companies we work with may use cookies, web beacons, tags, and other technologies on websites, platforms and in electronic communications to understand users online behavior and to collect certain information, including statistics about website and platform usage, broad demographic information, IP addresses, browser type, device type, Internet Service Provider, referring/exit pages, platform type, date/time stamp, number of clicks, and other similar information. You can access our Services even when you’ve disabled certain cookies, but you may not be automatically recognized upon revisiting. We also may use session replay software, which collects information about your interaction with our Product and Services, including keystrokes, mouse movements, and form field entries, and may monitor your interactions with our Services, including for our compliance verification purposes. Please visit the “Information Choices and Changes” section for further information, including about Do Not Track and how to disable cookies.
Children’s information:
Protecting children’s privacy is important to us. We do not direct the Services to, nor do we knowingly collect any personal information from, children under the age of eighteen. If we learn that a child under the age of eighteen has provided personal information through the Services, we will use reasonable efforts to remove such information from our files.
How long we keep your information:
We retain personal information about you for the amount of time necessary to provide our Services and for as long as required to satisfy legal or tax requirements, for fraud prevention, or for other business purposes.
How We Use Personal Information
We use the personal information we collect primarily for business activities, which may include using your personal information to:
provide, operate, and maintain our Services;
communicate with you (e.g., to contact you for administrative purposes or to send you important updates and communications about this Notice and/or other applicable terms);
identify when changes are made to your account or services;
understand your use of our Services in order to make improvements
detect fraud and unauthorized reception of our Services;
determine whether applicable policies and terms of service are being violated;
perform statistical or qualitative research and analysis;
maintain our “do not contact” lists;
comply with applicable law;
carry out other uses as necessary to provide our Services.
In addition to the items listed above, personal information may be aggregated and/or de-identified for other business uses by us or by third parties. This aggregated and/or de-identified data may be used, for example (and without limitation), to improve our Services, measure and analyze use of our Services, and for other analytical and reporting purposes.
Personal Information We Disclose
We may disclose information we collect from and about you with others as follows:
Our Service providers:
We disclose personal information to third parties that provide business, or technical support services to us and/or administer activities on our behalf. Our service providers may also include professional advisors (e.g., lawyers, accountants, auditors, etc.).
Corporate entities for business transfers:
We may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, or other change of ownership or control. For example, if another entity acquires us or any of our assets, personal information we have collected may be transferred to such entity. In addition, if any bankruptcy or reorganization proceeding is brought by or against us, personal information we have collected may be considered an asset of ours and may be sold or transferred to third parties. Should such a sale or transfer occur, we will use reasonable efforts to try to require that the transferee use personal information we have collected in connection with the Services in amanner that is consistent with this Notice.
Law Enforcement or other third parties for legal, compliance, and safety purposes:
We may be required by law to comply with a valid legal process, such as a subpoena, court order, or search warrant, or where there is a lawful request, to disclose information about you. We may also disclose information about you to protect our customers, employees, or property; in emergency situations; and to enforce our rights under our terms of service and policies, in court or elsewhere.
Sharing of De-identified, Aggregated or Pseudonymous Information:
We may share or disclose information collected or received from or about you in non-personally identifiable formats, including aggregate formats, such as surveys and service usage and other statistical reports.
Information Choices and Changes
Cookies and Do Not Track:
Certain parts of our Services require cookies. You may adjust your device or Internet browser settings to limit certain tracking or to decline cookies, but by doing so, you may not be automatically recognized upon revisiting and may not be able to use certain features of the Services or take full advantage of all of our offerings. Please refer to your device’s settings or your Internet browser’s “Help” section for more information on how to delete and/or disable your device or browser from receiving cookies or controlling your tracking preferences. We might not recognize “Do Not Track” requests or headers from some or all Internet browsers. We may use cookies or other technologies to deliver more relevant advertising and to link data collected across other computers or devices that you may use.
Network and Information Security
We take information security seriously. We use commercially reasonable efforts to prevent unauthorized third-party access to information about you. However, we cannot guarantee that these practices will prevent every unauthorized attempt to access, use, or information about you.
State Privacy Rights
California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah and Virginia
California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah and Virginia give residents the right to know what categories of personal information are collected about them and how it will be used, disclosed, and sold or shared. The purpose of this section of the Notice is to provide residents of these states with a description of our practices regarding the collection, use, disclosure of personal information and how they can exercise their rights in relation to their personal information.
Categories of personal information collected:
We have collected the following categories of personal information about consumers in the preceding 12 months.
| Types of Personal Information We Collect | Examples | Primary Purpose for Collection |
|---|---|---|
| Identifiers | Identifiers such as name, postal address, device identifiers, internet protocol (IP) address, email address, and account name. | Account creation, personalization and facilitating usage of the Service, to prevent fraud and detect security incidents, to communicate important information; internal operations and compliance. |
| Personal information categories listed in the California Customer Records statute | Name, postal address, telephone number | Account creation, personalization and facilitating usage of the Service,to prevent fraud and detect security incidents, to communicate important information; internal operations and compliance. |
| Audio, electronic, visual, thermal, olfactory, or similar information | Website interaction, or other communications, including personal identifiers, and other website interactions. | Training, to prevent fraud and criminal activity, operational analytics, and to comply with applicable laws |
| Internet or other electronic network activity information | Information regarding a consumer’s interaction with an internet website, application, or advertisement, browser information, web analytics, including IP address, time of visit, page(s) visited, cookies, pixel tags, and other similar technologies; information about your use of our network | Facilitating usage of the Services, personalization, internal operations, and to prevent fraud and detect security incidents |
| Geolocation data | Imprecise geolocation data, such as general location of devices or IP address | Provision, development, and optimization of our Services; and to comply with applicable laws |
| Sensitive personal information | A consumer's account log-in, in combination with any required security or access code, password, or credentials allowing access to an account | Account creation/management |
Categories of sources of personal information:
We collect the personal information identified in the chart above from the following categories of sources:
From you and your transactions with us, such as when you request a service, or give us your contact information
From publicly available sources
Personal information we disclose for a business purpose:
There are a number of circumstances where we disclose personal information to companies who work on our behalf to help us provide the Services. We disclose the categories of personal information described above to our affiliates and our service providers as necessary to provide the Services; measure the performance of our network and your devices; and for eligibility, verification, fulfillment, and administrative purposes.
Your Data Rights:
Residents of California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah and Virginia have the right to request certain actions with respect to their personal information. Residents of these states may:
Request that we disclose what categories and specific pieces of personal information we collected about you in the preceding 12 months as well as details regarding: the business purposes for our collection and disclosure of your personal information; the categories of sources from which we collected the information; the categories of personal information we sold, shared, or disclosed for a business purpose; and the categories of recipients of such information
Request deletion of any personal information that we have collected from you, subject to certain legal exceptions
Correct inaccuracies in the personal information we maintain about you
Opt out of the sale or sharing of your personal information, or of targeted advertising
Appeal the denial of any of your requests
Residents of Delaware and Oregon may request a list of specific third parties with which we have shared any personal data.
If you choose to exercise these rights, you will not receive discriminatory treatment by us for your exercise of your rights.
How to submit an access, deletion, or correction request:
If you would like to submit a privacy rights request for access, deletion, or correction please visit our Privacy Portal at https://app.orcid.us/index.html#/your-privacy-choices.
Verification of your identity:
To process your request for access, deletion, or correction we must be able to verify your identity to a reasonable degree of certainty. To do so, you must provide the required identifying information when completing the online request form or making a request through one of our customer service agents. We will ask you to provide your contact information and an additional identifier based on your relationship with us. Before we process your request, we will match these data points with data points we currently maintain to verify your identity and your relationship with us.
Responding to your deletion requests:
Please note that we may not be required to delete information under certain circumstances such as when retention of the information is necessary to complete a transaction, detect security incidents, or for certain other internal purposes.
Authorized agent requests:
You can designate an authorized agent to make a request to access, delete, correct, or opt out on your behalf. When you use an authorized agent to submit a request for access, deletion, or correction, you must provide the authorized agent with written permission to do so, and, in certain circumstances, we may ask you to verify your own identity directly with us. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.
Limit the Use of My Sensitive Personal Information:
California residents have the right to limit the use of their sensitive personal information. ORCID does not use or disclose sensitive personal information without your consent for purposes other than those specified in the CCPA.
Nevada SB 220:
Nevada law permits Nevada residents to make certain requests about how their personal information is shared with third parties or affiliated companies. To make such a request, please visit our Privacy Portal at https://app.orcid.us/index.html#/your-privacy-choices
EEA/UK Residents
The processing of personal data of people located in the European Economic Area (“EEA”) and people located in the United Kingdom is subject to the GDPR/UK GDPR. This Notice refers to the GDPR and the UK GDPR collectively as the “GDPR”.
Legal Basis For Processing Personal Data:
We process personal information provided by visitors to our website or other interactions with us on the basis of your consent. We may also process personal information on other bases permitted by the GDPR and applicable laws, such as when the processing is necessary for us to comply with our legal obligations.
Privacy Rights and Requests:
Under applicable law, you may have certain rights in relation to your Personal Information, including:
Right to Access: You have the right to request access to, or copies (and transmission) of, the Personal Information we hold about you and the purposes for which we are using it.
Right to Rectify: You have the right to correct inaccurate Personal Information that we have collected from and maintain about you, subject to appropriate verification.
Right to Erase: You have the right to erase Personal Information pertaining to you, under certain conditions. We will assess any deletion request after verifying your identity and work to respond within one calendar month, and let you know if we need additional time.
Right to Object: You have the right to object to processing the Personal Information we process, under certain conditions.
Right to Restrict: You have the right to restrict the processing of your Personal Information, under certain conditions.
Right to Data Portability: You have the right to receive the data we have collected from you. Under certain conditions, you may request that we transfer your Personal Information to another organization, or directly to you.
Right to Lodge a Complaint: You have the right to file a complaint with the supervisory authority in your jurisdiction.
How to submit a data subject rights request:
If you would like to submit a data subject rights request please visit our Privacy Portal at https://app.orcid.us/index.html#/your-privacy-choices.
Questions or Concerns
If you have any questions or concerns regarding this Notice, or our privacy practices, please contact us at the following address: DISH Legal Department, Attn: Privacy, P.O. Box 6655, Englewood, CO 80155-6655.
Changes to This Notice
We may modify this Notice at any time. We will notify you of any material changes (or changes required by applicable law) through written, electronic, or other means as permitted by law.
ORCID Reports Disclaimers
The following terminology applies to these ORCID Reports Disclaimers, and any other agreements between You and EchoStar regarding ORCID:
“EchoStar”, “We”, “Our” and “Us” refers to DISH Wireless L.L.C, a subsidiary of EchoStar Corporation.
“NTIA” means the National Telecommunications and Information Administration.
“ORCID Vendor” means one of the various entities engaged by EchoStar to support the testing and evaluation activities conducted by ORCID, whether through the provision of consulting services to ORCID or any Participating Entity or through the provision of hardware, software or other telecommunications services utilized in the ORCID lab. For clarity, ORCID Vendors shall be engaged and compensated solely by EchoStar, and EchoStar makes no guarantee as to the availability or continued participation of any particular ORCID Vendor.
“Participant”, “Participating Entity”, “You” and “Your” refers to you, the company (corporation, limited liability company, trust, partnership or other formal entity) who has accepted the ORCID Terms through registering for the ORCID web portal, or by submitting any Participant Solution for receipt of Services.
“Participant Solution” means the product (hardware and/or software), artifact, or solution submitted by You for testing in the ORCID lab, including any materials, equipment, models, computer software or other items owned or licensed by You that are necessary or advisable for the testing of such product or solution.
“Party”, “Parties” and “Us” refers to both the Participating Entity and EchoStar, or either the Participating Entity or EchoStar.
“Report(s)” includes any and all information provided to You in written form generated by or resulting from the Services made available to You by EchoStar or any ORCID Vendor during or following Your participation in ORCID. Reports include test case results, test report outlines, certifications, formal feedback letters and/or other documentation issued to You by EchoStar; provided that, the foregoing list shall exclude informal email or other electronic communication generated by EchoStar and provided to You via the ORCID web portal.
“Services” means the testing and evaluation activities conducted by ORCID during any Test Phase with respect to a Participant Solution comprising one of the following products, artifacts, or solutions: (i) single and multi- band FR1 Frequency Division Duplex (FDD) Category A radio units (each a “RU”); (ii) single and multi-band FR1 & FR2 Time Division Duplex (TDD) Category A RUs; (iii) single and multi-band FR1 and FR2 TDD Category B RUs; (iv) centralized units (each a “CU”); (v) distributed units (each a “DU”); (vi) combined CUs and DUs; (vii) combined RUs and DUs; and (viii) service management orchestration (“SMO”). For clarity, the testing and evaluation activities comprising the Services shall be set forth in the detailed test plans created by EchoStar for the applicable Participant Solution, which may include interoperability testing with other network elements and may entail a degree of adaptability for the applicable Participant Solution submitted testing.
“Test Phase” means each of the following phases of testing and evaluation of a Participant Solution: (i) Onboarding Test (OBT); (ii) Conformance, Interoperability and Security Tests (CIS); (iii) Capacity and Performance Test (CPT); and (iv) Commercial Readiness Test (CRT). For clarity, while the Test Phases are sequential, a Participant Solution may skip one or more Test Phases depending upon the maturity of the Participant Solution at issue.
For clarity, regardless of whether We use the above terminology in the singular or plural, We intend that the meaning remains the same as agreed above. When We use the word “and”, we mean it in the connective sense of “both”, and when We use the word “or”, We mean it in the inclusive sense of “and/or”.
REPORTS ARE ISSUED SUBJECT TO THE FOLLOWING TERMS, CONDITIONS & DISCLAIMERS:
All Reports issued by EchoStar are for the exclusive use of the Participating Entity that submitted the relevant Participant Solution for testing and shall not be reproduced without the prior written consent of EchoStar. Reports apply only to the specific Participant Solution tested in the ORCID lab under the stated test conditions and protocols, and test results are not necessarily indicative of the qualities of apparent identical or similar testing or conditions, or of the performance of the Participant Solution outside of a controlled test environment, or in connection with a different network architecture, hardware, software, or versions used by the ORCID lab in the performance of the Services. EchoStar shall have no liability for any deductions, inferences or generalizations drawn by the Participating Entity or others from any further use of the Reports, either by the Participating Entity or third parties.
Reports issued by EchoStar do not and are not intended to serve as any form of certification on cellular network and open radio access network technology standards including, without limitation, 3GPP standards and ORAN alliance specifications.
While every effort is taken by EchoStar to ensure that Reports are timely presented to the Participating Entity, EchoStar does not guarantee specific turnaround times nor is it responsible for any late delivery of Services. In no event will EchoStar be liable for damages of any kind, including without limitation, direct, incidental or consequential damages (including, but not limited to, damages for lost profits, business interruption or loss of programs or information) arising out of the use of, or the inability to use any Reports because of EchoStar’s delay in providing such Reports, or for any claims attributable to errors, omissions or other inaccuracies of such Reports
Reports issued by EchoStar will be provided in pdf format to the Participating Entity. EchoStar does not accept any liability whatsoever for documents that were tampered with or were otherwise altered by any person other than EchoStar.
EchoStar will not disclose Reports to anyone other than the Participating Entity without the Participating Entity’s written consent; provided that, EchoStar may disclose Reports to the NTIA in accordance with the ORCID NDA.
If EchoStar or its employees or agents are required to give expert evidence in any litigation arising from the Reports or Your use of the Services, then the Participating Entity will be charged for such services at EchoStar’s then prevailing rate.
Reports issued by EchoStar will be limited to test results and error data. In the event a Participating Entity requires additional support, including, without limitation, recommendations, modifications, improvements, and/or revisions, such additional support is subject to an Advanced Testing and Consulting agreement between EchoStar and the Participating Entity.