Effective date of April 23, 2004
This page was last updated September 28, 2016.
In order for SirsiDynix to provide services or products, collection of or access to PII may be required. The information provided to SirsiDynix will be protected by reasonable means from disclosure to third parties. SirsiDynix also has a specific privacy statement called the Privacy Shield and Swiss Safe Harbor Privacy Statement (below) that applies to certain personal data received in the United States from the European Union and Switzerland.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
ACTIVITIES INVOLVING THE COLLECTION OR PROCESSING OF PII.
SirsiDynix may obtain or gain access to PII in a number of ways. We may, for example, ask our Customer for PII about its employees including name and address for the purpose of registering for conferences, surveys, ordering e-mail news or information, joining limited-access sites (such as forum or list servers), signing up for an event or training, or purchasing and/or registering SirsiDynix products.
SirsiDynix may collect information about Customer's computer hardware and software, if it was not supplied by SirsiDynix. This information may include: Customer IP address, browser type, operating system, domain name, access times and referring Web site addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of SirsiDynix. We do not link this automatically collected data to other information we collect about you.
If a Customer has selected a service or product that requires payment, we may request PII necessary for billing and/or shipping, such as: name, address, telephone number, and credit card number. SirsiDynix uses a third-party payment processing provider for these functions and does not store financial information used in such payment processing.
SirsiDynix also collects information about the pages visited within SirsiDynix websites.
SirsiDynix processes 3rd party PII under the direction of our Customers. Our Customers collect PII from their Patrons. For example, our Customers may collect the name, address, phone number, and other Patron information in order to issue a library card. Customers also may collect information about its Patrons activities related to circulation of books and other materials. We have no ownership of this information or any direct relationship with individuals whose PII may be processed as part of providing our Services.
The U.S. Children’s Online Privacy Protection Act (“COPPA”) may require that our Customers inform parents and legal guardians about how they collect, use, and disclose personal information from children under 13 years of age and that Customers may need to obtain the consent of parents and guardians in order for children under 13 years of age to use the Services we provide on behalf of Customers.
We make no representations, warranties or guarantees that Children’s information will be completely safe or insulated from inappropriate use by external parties, and we do not represent, warrant or guarantee that other users will not attempt to circumvent the rules, features or aspects of the Services. We do not assume any obligation, liability or responsibility associated with such behavior. Because we act as a service provider for our Customers with respect to any Children’s PII, you may be contacted by the Customer or their representatives for consent to collect or otherwise use information from your children. If required by COPPA, that consent allows us to collect and use information on behalf of that Customer to provide the Service.
Additional safeguards with respect to personal information collected about children
If required by COPPA, our Customers should not collect personal information from children under the age of 13 in the United States unless they register in person with the Customer and with verifiable parental consent. Some of our Customers collect birth dates to validate the ages of their patrons, including children. Our Customers may also collect an e-mail address from a parent for the purpose of sending a child e-mails related to the child’s account.
How do we notify and obtain consent from parents for the collection of information from their children?
Our U.S. Customers to whom COPPA applies should require a parent’s verifiable consent to the collection of their child’s PII when their child registers in person to create an account for our Services. If the parent refuses to allow the registration, Customers should not create the account as directed by our Customer. Once a parent provides verifiable consent to the collection of their child’s PII, we will, on behalf of our Customer, create the child’s account and provide the child access to the membership areas of the Services. We perform these Services on behalf of our Customers and therefore such Customers may request your consent.
How can parents access, change or delete personally identifiable information about their children?
If COPPA applies, at any time parents should be able to refuse to allow Customers to process PII from their child and can request that any PII we have collected on behalf of or from our Customers be deleted from the records in our Services; this would be performed by our Customers through our Services. Due to the nature of long-term backup media it is not possible to delete all instances of an individual’s PII from all backup media, but this media is protected by robust physical security measures and is disposed of securely when the media is retired. For certain Customers, a parent has certain editorial access to each of his or her children’s accounts through the parent’s master account on our Customers’ sites. Parents may access, change, or delete the PII that our Customers have collected from their children by logging on to the child’s account through the user interface of the applicable Service. The parent will need to have their child’s username and password to log into their child’s account. Instructions are available via links on each of the Services’ home pages provided by our Customers explaining how to recover a password if the user has forgotten it.
If you have any inquiries regarding our Customers’ privacy practices or how they use your child’s personal information, please contact them directly.
If COPPA applies, Parents have the right to consent to the collection and use of PII from a child without also consenting to its disclosure to third parties as we do not share any of this information with third parties outside of the Customer-approved components of our Services provided by third party vendors.
Upon request Sirsidynix will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by logging in to your account or contacting us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
SirsiDynix may transfer personal information to other companies that help us provide our Services. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Customers.
SirsiDynix will retain personal data we process on behalf of our Customers for as long as needed to provide services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Customers who use the services offered on our Site may submit the personal information of other individuals at their organization to register them as authorized users. It is the Customer’s obligation, as the data controller, to inform its authorized users about the purposes for which information about them is collected and may be used on this Service. Authorized users can update or remove their account information at any time by logging into the Site and editing their account information, or by contacting their administrator.
SirsiDynix adheres to the American Library Association's Code of Ethics’ guidelines for privacy protection, including the obligation to protect each library patron's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.
Customer information collected by SirsiDynix will be stored and processed in the United States or in other locations that may be required by SirsiDynix’s Customers or by applicable laws. Customer patron information collected by Customers for use with SirsiDynix products and services will be processed and stored at either a local Customer-hosted SirsiDynix site or a regional SirsiDynix hosting facility.
SirsiDynix abides by the Privacy Shield and Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union.
SirsiDynix abides by all applicable privacy statutes and regulations for the nations in which users reside. The SirsiDynix Privacy Shield and Swiss Safe Harbor statement can be found below.
Notification of Changes
We may update this privacy statement to reflect changes to our information practices including any material changes to how we use PII collected from children under age 13. If we make any material changes we will notify you by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
PII will not be collected, sold, leased, or otherwise distributed or disclosed for commercial purposes and will not be distributed or disclosed to outside parties unless required by law.
PII will not be sold, leased or otherwise distributed or disclosed out of line with this policy without notice being given to the individual. At that time, the individual can request the PII not be shared. PII will not knowingly be collected directly by SirsiDynix from children.
What information may be collected on our website(s) without user registration:
- The domain name (e.g. www.SirsiDynix.com) of the visitor.
- The IP address of the computer or Internet provider.
- The date/time you accessed the site.
- Email Address
- Phone number
- Company Information
How the collected information is used:
- Measuring traffic flow and volume.
- Diagnosing server problems.
- Determining which parts of the site users are visiting.
- Delivering services, for example press releases, events information, training or software, which the user requested or purchased.
- To notify our users of product upgrades, special offers, updated information and other services.
- To allow user access to limited-entry Websites.
SirsiDynix may send out periodic e-mails to its Customers about services or security issues related to a product or service. The user will not be able to choose to use the automatic unsubscribe feature to disable these mailings, as they are considered an essential part of the service the user or customer selected during registration. Users or customers may opt out of such mailings by closing the associated account, contacting SirsiDynix according to the process described in the Opt-Out Features section, below.
Disclosure of PII
No attempt is made to identify individual website users unless illegal behavior is suspected.
Network traffic is monitored to identify unauthorized attempts to upload or change information, or otherwise cause damage to the SirsiDynix's web services. PII may be disclosed:
To act in urgent circumstances to protect the personal safety of SirsiDynix employees, users of SirsiDynix products or services, or members of the public or when someone may be causing injury to or interfering with SirsiDynix's rights or property, other users, or anyone else who could be harmed by such activities.
To conform to the edicts of the law or comply with legal process served on SirsiDynix.
If SirsiDynix is involved in a merger, acquisition, or sale of all or a portion of its assets, a prominent notice will be displayed on our Web site of any change in ownership or uses of PII, as well as any choices you may have regarding your personal information, will be posted
SirsiDynix may occasionally hire or use other parties to provide limited services on our behalf, including packaging, mailing/delivering purchases, answering questions about products or services, sending postal mail and processing event registration. We will only provide those companies the information they need to deliver the service, and they are prohibited from using PII for any other purpose.
SirsiDynix's website(s) may contain links to other sites. SirsiDynix is not responsible for the accuracy, currency, and content of any other sites to which SirsiDynix provides hyperlinks or access. SirsiDynix is not responsible for the privacy practices of other sites. SirsiDynix cannot be responsible for an individual's privacy when a patron discloses information to outside web sites.
Credit card transactions for SirsiDynix offerings are almost always completed through third-party payment processors without SirsiDynix having any access to related PII. Such processors use industry-standard technology to safeguard the confidentiality of the individual information. This technology includes use of firewalls, secure socket layers (SSL), and/or encryption. In instances where SirsiDynix takes credit card information directly, such information is processed through a third party payment processor as described above, and SirsiDynix does not retain a copy of the credit card information provided.
In order to further protect individual information, Customers and their patrons should always log out and close the browser when finished using a shared or public computer.
SirsiDynix takes reasonable steps to prevent the introduction of viruses, worms, or other destructive materials into or through its systems. However, SirsiDynix does not guarantee or warrant that materials downloaded from SirsiDynix do not contain viruses, worms, or other destructive materials. SirsiDynix is not liable for any damages or harm attributable to such materials. Usage of materials available via download from SirsiDynix is solely at the user's own risk. No security system is impenetrable. SirsiDynix cannot guarantee the absolute security of its database. SirsiDynix cannot guarantee that the information supplied by the user will not be intercepted while being transmitted to SirsiDynix over the Internet. Depending on our Customers’ security feature selection, information collected through our service is processed via secure socket layers (SSL).
Customer User Access and Choices/Opt-Out
Upon request SirsiDynix will provide you with information about whether we hold any of your personal information. To request this information please contact us at email@example.com.
If our Customers’ personal information changes, they may correct, delete inaccuracies, update, amend, remove, or ask to have it removed by making the change on the user account settings page, by emailing our Customer Support at support@SirsiDynix.com or by contacting us by telephone or postal mail at the contact information listed below. If you no longer desire our Services, please contact us directly. We will respond to your request within a reasonable timeframe.
We will retain Customer information for as long as an account is active or as needed to provide Customers with services. Due to the nature of long-term backup media it is not possible to delete all instances of an individual’s PII from all backup media, but this media is protected by robust physical security measures and is disposed of securely when the media is retired. We will retain and use Customer information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Website users may discontinue receiving some of the communications from SirsiDynix, such as e-mail newsletters announcing new features, contests, and new content, by sending an e-mail to webmaster@SirsiDynix.com. Website users may also discontinue receiving some of the communications from SirsiDynix by editing account settings.
Customer Patron User Access and Choices/Opt-Out
If a Customer Patron’s personal information changes, they may correct, delete inaccuracies, update, amend, or remove it by making the change on the user account settings page, or by contacting a Customer representative. If requested to remove data we will respond within a reasonable timeframe.
We will retain Customer Patron information on live systems for as long as an account is active or as needed to provide the Customer Patron with Services. Due to the nature of long-term backup media it is not possible to delete all instances of an individual’s PII from all backup media, but this media is protected by robust physical security measures and is disposed of securely when the media is retired. SirsiDynix retains data on systems for no longer than one year. Additionally, we will retain and use Customer Patron information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Enforcement of this Privacy Statement
If an individual has questions regarding this statement, individuals should first contact SirsiDynix by e-mail at legal@SirsiDynix.com. Should you not receive acknowledgement of your inquiry or if the inquiry has not been satisfactorily addressed, the individual should then contact the Legal Department.
Attention: Legal Department
3300 North Ashton Blvd Suite 500
Lehi, UT 84043
PRIVACY SHIELD AND U.S. _-SWISS SAFE HARBOR PRIVACY STATEMENT
SIRSI CORPORATION DBA SIRSIDYNIX
This Statement describes how SirsiDynix collects and uses certain personally identifiable information that it receives in the United States from the European Union and Switzerland ("EU and Swiss Personal Data"). In particular, SirsiDynix recognizes that the European Union and Switzerland have established strict protections regarding the handling of EU and Swiss Personal Data, and SirsiDynix therefore has elected to adhere to the US-E.U. Privacy Shield and US-Switzerland Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement with respect to such EU and Swiss Personal Data that it receives in the United States.
Sirsidynix (and its parent company, ICV Partners participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Sirsidynix is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov/list]
Sirsidynix is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Sirsidynix complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Sirsidynix is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, SirisDynix may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
U.S. - Swiss Safe Harbor Framework
SirsiDynix complies with the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from Switzerland. SirsiDynix has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view SirsiDynix’s certification, please visit https://safeharbor.export.gov/swisslist.aspx.
Categories of Individual Data Subjects
In general, SirsiDynix may obtain EU and Swiss Personal Data in the United States about several different types of individuals, including (i) website visitors, and (ii) Customers, Customer patrons, suppliers, and business partners, and (iii) SirsiDynix's own employees. SirsiDynix's practices with respect to each of these types of individual data subjects are described below.
Customers, Suppliers, and Business Partners
SirsiDynix may obtain various types of EU and Swiss Personal Data about Customers, patrons of our Customers, suppliers, and business partners. Such data may include contact information (names, titles, addresses, phone and fax numbers, and e-mail addresses); information about products and services ordered or provided; financial and payment information; user ID, passwords, and information collected through Internet-based and e-commerce activities, and other transaction-related data.
SirsiDynix may use these types of EU and Swiss Personal Data for business purposes, including to deliver or provide products or services; to trouble-shoot server problems, to establish or maintain Customer and business relationships; to provide access to Internet-based and e-commerce activities; to perform accounting functions; and to conduct other activities as necessary or appropriate in connection with the servicing and development of the business relationship.
Patrons, employees and agents of our Customers, business partners, and suppliers may contact us if any of their EU and Swiss Personal Data changes, or if they would like to access and correct EU and Swiss Personal Data that we maintain about them. Such persons can contact us by sending an e-mail to the SirsiDynix Legal Office (firstname.lastname@example.org), or by using the information at the end of this privacy statement. Also, to the extent that any of these individuals receive marketing communications from SirsiDynix, and wish to unsubscribe or otherwise stop receiving such communications, they can contact us at our website: email@example.com.
SirsiDynix employees located in the European Union should consult with their local human resources manager to obtain information about SirsiDynix's practices with respect their EU and Swiss Personal Data. Online job applicants to SirsiDynix should also consult any additional terms that apply when they submit their applications and/or resumes.
Other Necessary Disclosures
SirsiDynix may disclose EU and Swiss Personal Data to business partners and subcontractors as necessary in connection with the performance of requested services or solutions, or as otherwise appropriate in connection with a legitimate business need. SirsiDynix may also disclose EU and Swiss Personal Data as necessary in connection with the servicing the software and hardware of the business. In these situations, SirsiDynix will require the recipient of the data to protect the data in accordance with the relevant principles in the Safe Harbors, or otherwise take steps to ensure that the EU and Swiss Personal Data is appropriately protected. SirsiDynix may also disclose EU and Swiss Personal Data where required or permitted by law, or where SirsiDynix believes that such disclosures are appropriate in connection with a law enforcement request.
Data Security and Integrity
SirsiDynix stores and processes EU and Swiss Personal Data at locations primarily in the EU. On occasion, EU and Swiss Personal Data may be accessed from or transferred to the United States for legitimate business purposes. SirsiDynix takes reasonable precautions to protect EU and Swiss Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction whether such Data is located in the EU or the United States. SirsiDynix also makes reasonable efforts to keep EU and Swiss Personal Data accurate, current, and complete, and reliable for its intended use.
If you have any questions about this Safe Harbor Privacy Statement, or if you would like to request access to EU and Swiss Personal Data that we may maintain about you, please contact us as follows:
Attention: Legal Department
3300 North Ashton Blvd Suite 500
Lehi, UT 84043
Any questions regarding this Privacy Shield and Swiss Safe Harbor Privacy Statement should first be directed to the SirsiDynix contact above. If you do not receive acknowledgment of your inquiry or your inquiry has not been satisfactorily addressed, you may then contact the local data protection authorities in your EU member state or Switzerland for further information.