1. Home
  2. Privacy Policy

Privacy Policy

Protecting your privacy is very important to us. We do not collect any personally identifiable information (PII) about you during your visit to the NIDDK website unless you choose to provide it to us. We do, however, collect some data about your visit to our website to help us better understand how the public uses the site and how to make it more helpful. We collect information from visitors who read, browse, or download information from our website. NIDDK never collects information for commercial marketing or any purpose unrelated to the NIDDK mission and goals.

When visitors send email messages or send information via the Contact Us page containing personal information, NIDDK staff responds to the messages and files them. Only designated staff members requiring access to the emails to respond may view or answer them.

On this page:

Types of Information Collected

When you browse through any website, certain information about your visit can be collected. We automatically collect and temporarily store the following information about your visit:

  • domain from which you access the internet
  • IP address (an IP address is a number that is automatically assigned to a computer when surfing the web)
  • operating system and information about the browser you used when visiting the site
  • date and time of your visit
  • pages you visited or items downloaded
  • address of the website that connected you to an NIDDK website (such as google.com or bing.com)
  • demographic and interest data

We use this information to measure the number of visitors to our website and its various sections and to help make our site more useful to visitors. This information cannot be used to identify you as an individual.

How NIDDK Collects Information

NIDDK.NIH.gov uses Google Analytics, and Sitecore measurement software to collect the information in the bulleted list in the Types of Information Collected section above. Google Analytics and Sitecore collect information automatically and continuously. No PII is collected. The NIDDK staff conduct analyses and reports on the aggregated data from Google Analytics and Sitecore. The reports are only available to NIDDK.NIH.gov managers, members of the NIDDK.NIH.gov communications and web teams, and other designated staff who require this information to perform their duties.

Additionally, NIDDK.NIH.gov participates in the Digital Analytics Program (DAP), in which Google Analytics data is collected from websites across the Federal Government. For more information on DAP, please visit the DigitalGov website.

NIDDK also uses online surveys to collect opinions and feedback from a random sample of visitors. NIDDK.NIH.gov uses an online survey to obtain feedback and data on visitors’ satisfaction with the NIDDK.NIH.gov website and other sites managed by NIDDK. This survey does not collect PII. Although the survey invitation pops up for a random sample of visitors, it is optional. If you decline the survey, you will still have access to the identical information and resources at the NIDDK.NIH.gov site as those who do take the survey. The survey reports are available only to NIDDK.NIH.gov managers, members of the NIDDK.NIH.gov communications and web teams, and other designated staff who require this information to perform their duties.

NIDDK retains the data from Google Analytics, Sitecore, and survey results as long as needed to support the mission of the NIDDK.NIH.gov website.

How NIDDK Uses Cookies

The Office of Management and Budget Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies (PDF, 103 KB) allows Federal agencies to use session and persistent cookies.

When you visit any website, its server may generate a piece of text known as a "cookie" to place on your computer. The cookie allows the server to "remember" specific information about your visit while you are connected.

The cookie makes it easier for you to use the dynamic features of webpages. Cookies from NIDDK webpages only collect information about your browser’s visit to the site; they do not collect personal information about you.

There are two types of cookies, single session (temporary) and multi-session (persistent). Session cookies last only as long as your web browser is open. Once you close your browser, the cookie disappears. Persistent cookies are stored on your computer for longer periods.

  • Session Cookies: We use session cookies for technical purposes such as to enable better navigation through our site. These cookies let our server know that you are continuing a visit to our site. The OMB Memo 10-22 Guidance defines our use of session cookies as “Usage Tier 1—Single Session.” The policy says, “This tier encompasses any use of single session web measurement and customization technologies.”
  • Persistent Cookies: We use persistent cookies to enable Google Analytics and Sitecore to differentiate between new and returning NIDDK.NIH.gov visitors. Persistent cookies remain on your computer between visits to NIDDK.NIH.gov until they expire. We also use persistent cookies to block repeated invitations to take the ACSI survey. The persistent cookies that block repeated survey invitations expire in 90 days. The OMB Memo 10-22 Guidance defines our use of persistent cookies as “Usage Tier 2 – Multi-session without Personally Identifiable Information (PII).” The policy says, “This tier encompasses any use of multi-session web measurement and customization technologies when no PII is collected.”

How to Opt Out or Disable Cookies

If you do not wish to have session or persistent cookies placed on your computer, you can disable them using your web browser. If you opt out of cookies, you will still have access to all information and resources at NIDDK.NIH.gov. Instructions for disabling or opting out of cookies in the most popular browsers are located at USA.gov's Opt-out Instructions. Please note that by following the instructions to opt-out of cookies, you will disable cookies from all sources, not just those from NIDDK.NIH.gov.

How Personal Information Is Protected

You do not have to give us personal information to visit the NIDDK websites. However, if you choose to receive alerts or e-newsletters, we collect your email address to complete the subscription process.

If you choose to provide us with PII, that is, information that is personal in nature and which may be used to identify you, through an e-mail message, request for information, paper or electronic form, questionnaire, customer satisfaction survey, epidemiology research study, etc., we will maintain the information you provide only as long as needed to respond to your question or to fulfill the stated purpose of the communication. If we store your personal information in a record system designed to retrieve information about you by personal identifier (name, personal email address, home mailing address, personal or mobile phone number, etc.), so that we may contact you, we will safeguard the information you provide to us in accordance with the Privacy Act of 1974, as amended (5 U.S.C. Section 552a).

If NIDDK operates a record system designed to retrieve information about you in order to accomplish its mission, a Privacy Act Notification Statement should be prominently and conspicuously displayed on the public-facing website or form which asks you to provide PII. The notice must address the following 5 criteria:

  1. NIDDK legal authorization to collect information about you
  2. purpose of the information collection
  3. routine uses for disclosure of information outside of NIDDK
  4. whether the request made of you is voluntary or mandatory under law
  5. effects of non-disclosure if you choose to not provide the requested information

Data Safeguarding and Privacy

NIDDK uses web measurement and customization technologies to help our website function better for visitors and to better understand how the public uses the online resources we provide. All uses of web-based technologies comply with existing policies with respect to privacy and data safeguarding standards. Information Technology (IT) systems owned and operated by NIDDK are assessed using Privacy Impact Assessments (PIAs) posted for public view on the Department of Health and Human Services (DHHS) website. NIH conducts and publishes a PIA for each use of a third-party website and application (TPWA) as they may have a different functionality or practice.

Data Retention and Access Limits

NIDDK will retain data collected using the following technologies long enough to achieve the specified objective for which they were collected. The data generated from these activities falls under the National Archives and Records Administration (NARA) General Records Schedule (GRS) 20-item IC 'Electronic Records,' and will be handled per the requirements of that schedule.

Third-Party Websites and Applications Including Social Media Sites

As part of the OMB Memo M-10-06, Open Government Directive (PDF, 80.5 KB) , the NIDDK uses a variety of new technologies and social media options to communicate and interact with citizens. These sites and applications include popular social networking and media sites, open source software communities and more. Third-party websites (TPWAs) are web-based technologies that are not exclusively operated or controlled by NIDDK, such as applications not hosted on a.gov domain or those that are embedded on NIDDK webpages. Users of TPWAs often share information with the general public, user community, and/or the third-party operating the website. These actors may use this information in a variety of ways. TPWAs could cause PII to become available or accessible to NIDDK and the public, regardless of whether the information is explicitly solicited or collected by NIDDK.

The following list includes some of the TPWAs we use and their purpose. NIDDK sometimes collects and uses PII made available through third-party websites. However, we do not share PII made available through third-party websites. Your activity on the third-party websites we use is governed by the security and privacy policy of those sites, which we have linked below. You should review the third-party privacy policies before using the sites and ensure that you understand how your information may be used. If you have an account with a third-party website, and choose to follow, like, friend, or comment, certain PII associated with your account may be made available to NIDDK based on the privacy policy of the third-party website and your privacy settings within that third-party website. Therefore, you should also adjust privacy settings on your account to match your preferences.

For any NIDDK TPWA that collects PII, the list below also includes details on the information NIDDK collects and how we will protect your private information. 

Information specialists at NIDDK’s Health Information Center answer questions from website visitors through email, phone, and chat. NIDDK uses ChatBeacon to allow visitors to chat with NIDDK information specialists. You are not required to provide any personal information to use ChatBeacon during business hours. During non-business hours you can provide your email and an information specialist will contact you by email. ChatBeacon collects non-personal data, including analytics on general usage patterns. Non-personal data is used to manage the service and diagnose server problems. Although ChatBeacon offers some analytics and usage data to NIDDK, these reports do not include any PII. The reports are password protected and only available to members of the NIDDK.NIH.gov communications and web teams, and other designated staff that require this information to perform their duties. View the ChatBeacon privacy policy.

NIDDK uses the Disqus comment system on its Diabetes Discoveries & Practice blog. To use Disqus, you may be required to provide a username, email, and password. Any PII you provide may appear along with your comments. To protect privacy, all comments containing personal information will be deleted. Our Comment Policy is provided below. View the Disqus Privacy Policy.

NIDDK uses Facebook to share information about NIDDK and NIDDK program activities via short messages. If you have a Facebook account, you can log in to your account to post comments, and 'like' NIDDK Facebook pages and individual entries. If once you click on an NIDDK Facebook page, you comment or click on the 'like' button, your PII will be visible to NIDDK staff and other Facebook site visitors. The amount of visible personal information displayed will depend on your own Facebook privacy settings. You can completely avoid displaying any PII by not creating a Facebook account, not posting comments, not clicking on the 'like' options, or interacting with NIDDK Facebook accounts in any way (i.e., private messaging, sharing NIDDK posts, etc.). NIDDK staff do not collect, use, or disclose any information about visitors who comment or 'like' the NIDDK Facebook sites. However, as a practice, comment moderator policy requires the removal from NIDDK Facebook pages of any comments that contain spam or are improper, inflammatory, off-topic or offensive. Repeat offenders may be subject to banning. The information is then saved on a password-protected shared drive accessible to NIDDK managers, system owners, and communications staff. View the Facebook privacy policy.

NIDDK uses GovDelivery to send e-newsletters, alerts, and other messages to visitors who subscribe to them. To subscribe to an NIDDK product, you must provide an email address and indicate your subscription preferences, including the items you want to receive. The email subscriber lists are password protected by GovDelivery. Only the NIDDK managers who send newsletters, alerts or memos via GovDelivery and staff members who monitor the results of email initiatives have access to the subscriber lists. GovDelivery never allows access to the subscriber lists to anyone outside of NIDDK or for any purpose. GovDelivery collects and provides non-identifying information about the number of messages sent, clicks and open rates. This information is password protected and only available to NIDDK.NIH.gov managers, members of the NIDDK.NIH.gov communications and web teams, and other designated staff who require this information to perform their duties. View the GovDelivery privacy policy.

NIDDK uses IdeaScale to engage the scientific community, professional organizations, and the public in an online dialogue. While visitors may read the submitted questions and comments without registering for an IdeaScale account, visitors who want to contribute questions or comments, follow questions, receive e-mail alerts, or use other site features must create an account at Ideascale. To create an account, you must provide the following information: name, e-mail address, and password. Your e-mail address will not be visible to the public and we do not collect, maintain, disclose, or share any information about registered IdeaScale users. Please note: Questions and comments submitted to the site are public. As such, please do not include any personal information. If you do not wish to create an account, submit your questions or comments to NIDDK. View the IdeaScale privacy policy.

NIDDK uses Instagram to upload photos and videos about NIDDK and NIDDK program activities. Users are able to see the NIDDK Instagram feed without subscribing to it, but those users who want to subscribe to (or follow) the NIDDK Instagram must create an Instagram account at www.instagram.com. To create an account, you must provide some personal information, such as your username, password, and email address. You have the option to provide additional information, including a photo or short biography. Users may also link their Facebook account to their Instagram account. Most information you provide for an Instagram account is available to the public, but you can modify your privacy settings to limit how much information is visible. NIDDK staff members monitor the number of followers and have limited opportunities to address public questions and concerns via Instagram. NIDDK does not solicit, collect, or maintain any personally identifiable information from individuals who visit, like, comment, or otherwise engage with the NIDDK Instagram page. View the Instagram privacy policy.

NIDDK uses the “groups” feature on LinkedIn to engage with current and past employees and members of the public. In order to join a NIDDK group on LinkedIn, you must register for a LinkedIn account and provide your first and last name and e-mail address. Upon confirmation of your email address, you must provide LinkedIn with information regarding your employment, country, zip code, job title, etc. The amount of visible personal information will depend on your LinkedIn user privacy settings. You can completely avoid displaying any PII by not creating a LinkedIn account, not joining NIDDK LinkedIn groups, or not interacting with NIDDK LinkedIn groups in any way (i.e., private messaging, posting on group pages, etc.). Although NIDDK staff managing LinkedIn groups may view the information you provide when you submit a request to join NIDDK LinkedIn groups, NIDDK staff does not collect, use, or disclose any of this information. View the LinkedIn privacy policy.

NIDDK uses X to send short messages, up to 140 characters, which are also known as “posts” to share information about NIDDK with visitors and respond to comments and inquiries sent via X to NIDDK. While visitors may read the NIDDK X feeds without subscribing to them, visitors who want to subscribe to (or follow) NIDDK X feeds must create an X account at https://twitter.com. To create an account, you must provide some personal information, such as name, user name, password and email address. Visitors have the option to provide additional personal information including a short biography, location, or a picture. Most information you provide for an X account is available to the public, but you can modify how much of your information is visible by changing your privacy settings at the Twitter.com website. NIDDK staff members monitor the number of subscribers and respond to comments and queries via X, but never take possession of the personal information belonging to you as an X follower. However, as a practice, comment moderator policy requires the removal from the NIDDK X pages of any comments that contain spam or are improper, inflammatory, or offensive. The information is then saved on a password-protected shared drive accessible to NIDDK managers, system owners, communications staff, web teams, and other designated staff who require this information to perform their duties. View the X privacy policy.

NIDDK posts videos on YouTube to make them available to the public. You do not need to register with YouTube or Google (YouTube owner) to watch NIDDK YouTube videos. When you watch videos, YouTube may record non-PII about their site usage, such as channels used, videos watched, and data transfer details to improve its services. If you log on to the YouTube site before watching NIDDK videos, YouTube may associate information about your site use with your YouTube account. The YouTube privacy policy is the same as Google's privacy policy.

NIDDK conducts and publishes a Privacy Impact Assessment (PIA) for each use of a third-party website as they may have a different functionality or practice. View published HHS PIAs.

For more information on the uses of social and new media for which the U.S. General Services Administration (GSA) has negotiated a federally-friendly Terms of Service Agreement, visit DigitalGov at Negotiated Terms of Service Agreements.

How Social Media Sites Are Managed

The NIDDK social media accounts—on websites such as Facebook, LinkedIn, X, Instagram and YouTube—are managed by the staff of the NIDDK, and NIDDK’s Health Information Service and Education Programs, which are services of the NIDDK, NIH.

If you connect with the NIDDK on any social media site, you can expect some or all of the following:

  • information about new and updated resources from the NIDDK
  • invitations to provide feedback about specific issues
  • information about new research findings
  • information about other NIDDK activities, such as exhibits at conferences for health care professionals
  • information about other resources

Availability: We will update and monitor our social media accounts during office hours, 8:30 a.m. to 5:00 p.m., Monday through Friday, Eastern Standard Time (EST). Social media sites may occasionally be unavailable, and we accept no responsibility for lack of service due to third-party website downtime.

Posted Comments: We welcome feedback and ideas from the public and endeavor to join the conversation whenever possible. However, we are not able to respond individually to all the comments we receive via social media.

By your commenting, we do not gather any information about you, other than information automatically collected and stored when you visit any of our websites and you choose to provide that information to us. The NIDDK will not share or sell any personal information obtained from users with any other organization or government agency except as required by law.

Posted comments will be retained to comply with records retention guidelines as set by Section 44 of the United States Code, chapters 31 and 35, Office of Management and Budget (OMB) Circular A-130 and NARA regulations in 36 CFR ch. XII, subchapter B. NIDDK staff reads all comments and ensures any emerging themes or helpful suggestions are passed to the relevant staff members or department.

Comment Policy

You are encouraged to share your thoughts on websites and social media accounts owned or administered by NIDDK where commenting is supported. Comments should be respectful and relevant to the topic being discussed. Other inquiries should be sent to NIDDK by email or phone.

  • All health inquiries should be sent to the Health Information Center by email or phone at 1-800-860-8747.
  • All media inquiries should be sent to the NIDDK Press Team.

In some instances, comments are subject to be edited or deleted at NIDDK’s discretion. Comments that include the following are prohibited.

  • Vulgar, obscene, profane, threatening, or abusive language
  • Personal attacks of any kind
  • Discriminatory language based on race, national origin, age, gender, sexual orientation, religion, or disability
  • Endorsements of commercial products, services, and organizations
  • Medical advice
  • Repetitive comments
  • Spam or undecipherable language
  • Copyright infringement
  • Solicitation of funds
  • Procurement-sensitive information related to any NIH acquisition
  • Surveys, polls, and questionnaires
  • Personally Identifiable Information (PII)
  • Off-topic posts

All comments on NIDDK blogs are reviewed before they can be posted to ensure compliance with this policy. We welcome your comments at any time. However, reviewing and posting of comments will generally occur during regular business hours Monday through Friday. NIDDK may respond to themes instead of individual comments or questions.

Remember that your posts are public. When posting, do not include information (e.g., phone numbers or email addresses) in the text of your comment that personally identifies you in a way you do not intend; to protect privacy all comments containing personal information will be deleted. In submitting your comments to an NIDDK website, you irrevocably grant NIDDK permission to copy, distribute, make derivatives, display, or perform your work publicly and free-of-charge.

The views expressed in comments reflect those of the individual(s) who authored the comment(s) and may not reflect those of NIDDK, NIH, the U.S. Department of Health and Human Services, or the U.S. government.

For More Information

For more information about the NIDDK privacy policy, please contact the NIDDK Privacy Act Liaison.

Last Reviewed May 01, 2023 12:00 AM