Legal & Privacy Terms



Effective date of April 23, 2004

This page was last updated December 18, 2014.

Sirsi Corporation and its affiliated companies dba SirsiDynix ("SirsiDynix") are committed to protecting your privacy.  This privacy policy covers the collection, use and disclosure of information collected through our site and the products and services we provide to Customers (“Customers”) (collectively “Services”).  It also describes the choices you have regarding our use of your personally identifiable information (PII) and how you can access and update such information. The use of information collected through our Services shall be limited to the purpose of providing the services for which clients have engaged SirsiDynix. We recognize the need to protect any PII shared with us, including but not limited to PII of our customers (“Customer(s)”) and our Customers’ patrons (“Patron(s)”). PII is singular or collective information that identifies an individual; for example, a person's name, mailing address, telephone number, e-mail address, or other such information. PII does not include aggregated data from which the personally identifiable information has been removed.

 SirsiDynix’s Privacy Policy identifies the care taken to protect, manage and use your PII. This Privacy Policy incorporates principles awareness, choice, notice, accuracy, access, security, data integrity, enforcement, and oversight.

 In order for SirsiDynix to provide services or products, collection of or access to PII may be required. The information provided to SirsiDynix will be protected by reasonable means from disclosure to third parties. SirsiDynix also has a specific privacy statement called the Safe Harbor Privacy Statement (below) that applies to certain personal data received in the United States from the European Union and Switzerland,.

 Please read the complete SirsiDynix Privacy Policy, and if you provide us with PII, you are accepting the practices described in this Privacy Policy.

SirsiDynix has received TRUSTe’s Privacy Seal and Children’s Privacy Seal signifying that this privacy policy and our practices have been reviewed for compliance with the TRUSTe program viewable on the validation page available by clicking the TRUSTe seal.  The TRUSTe certification only covers information collected through our site and the associated online Services, including Symphony, Enterprise, Portfolio (Enterprise + Digital Content), E-Resource Central, ERC PAC, and BLUECloud.  The TRUSTe children’s seal only covers information processed on behalf of our clients within our Services.

If you have questions or complaints regarding our privacy policy or practices, please contact us at If you are not satisfied with our response you can contact TRUSTe here, or refer to the Dispute Resolution section later in this privacy policy for more specific instructions.


SirsiDynix may obtain or gain access to PII in a number of ways. We may, for example, ask our Customer for PII about its employees including name and address for the purpose of  registering for conferences, surveys, ordering e-mail news or information, joining limited-access sites (such as forum or list servers), signing up for an event or training, or purchasing and/or registering SirsiDynix products.

 SirsiDynix may collect information about Customer's computer hardware and software, if it was not supplied by SirsiDynix. This information may include: Customer IP address, browser type, operating system, domain name, access times and referring Web site addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of SirsiDynix.  We do not link this automatically collected data to other information we collect about you.

 If a Customer has selected a service or product that requires payment, we may request PII necessary for billing and/or shipping, such as: name, address, telephone number, and credit card number.

 SirsiDynix also collects information about the pages visited within SirsiDynix websites.

 SirsiDynix processes 3rd party PII under the direction of our Customers. Our Customers collect PII from their Patrons. For example, our Customers may collect the name, address, phone number, and other Patron information in order to issue a library card. Customers also may collect information about its Patrons activities related to circulation of books and other materials. We have no ownership of this information or any direct relationship with individuals whose PII may be processed as part of providing our Services.

Children’s Privacy

We process certain information on behalf of our Customers about children under the age of 13 (“Children”) within the services we provide. We take children’s privacy seriously, and encourage parents to play an active role in their children’s online experience at all times. These policies and guidelines are applicable to the Children’s PII only to the extent we operate or maintain such Children’s PII on behalf of Customers and collect, host or store any PII of their users in the United States. Each of our Customers who collect Children’s PII may have their own data collection and use practices and policies, including those applicable to children under 13 years of age. In addition to our privacy policy, Customers may have their own privacy requirements for which they are responsible regarding the collection and use of information from children under the age of 13. Parents may have the right to consent to the collection and use of personal information collected by our Customers through our Services; parents should contact our Customers with questions about consent requirements. Please note that we process PII on behalf of our Customers as part of providing our Services; therefore, if you do not consent to the collection and use of personal information for certain Services, you may not be able to use such Services.

The U.S. Children’s Online Privacy Protection Act (“COPPA”) may require that our Customers inform parents and legal guardians about how they collect, use, and disclose personal information from children under 13 years of age and that Customers may need to obtain the consent of parents and guardians in order for children under 13 years of age to use the Services we provide on behalf of Customers.

We make no representations, warranties or guarantees that Children’s information will be completely safe or insulated from inappropriate use by external parties, and we do not represent, warrant or guarantee that other users will not attempt to circumvent the rules, features or aspects of the Services. We do not assume any obligation, liability or responsibility associated with such behavior. Because we act as a service provider for our Customers with respect to any Children’s PII, you may be contacted by the Customer or their representatives for consent to collect or otherwise use information from your children. If required by COPPA, that consent allows us to collect and use information on behalf of that Customer to provide the Service.

Additional safeguards with respect to personal information collected about children

If required by COPPA, our Customers should not collect personal information from children under the age of 13 in the United States unless they register in person with the Customer and with verifiable parental consent.. Some of our Customers collect birth dates to validate the ages of their patrons, including children. Our Customers may also collect an e-mail address from a parent for the purpose of sending a child e-mails related to the child’s account.

How do we notify and obtain consent from parents for the collection of information from their children?

Our U.S. Customers to whom COPPA applies should require a parent’s verifiable consent to the collection of their child’s PII when their child registers in person to create an account for our Services. If the parent refuses to allow the registration, Customers should not create the account as directed by our Customer. Once a parent provides verifiable consent to the collection of their child’s PII, we will, on behalf of our Customer, create the child’s account and provide the child access to the membership areas of the Services. We perform these Services on behalf of our Customers and therefore such Customers may request your consent.

How can parents access, change or delete personally identifiable information about their children?

If COPPA applies, at any time parents should be able to refuse to allow Customers to process PII from their child and can request that any PII we have collected on behalf of or from our Customers be deleted from the records in our Services; this would be performed by our Customers through our Services. Due to the nature of long-term backup media it is not possible to delete all instances of an individual’s PII from all backup media, but this media is protected by robust physical security measures and is disposed of securely when the media is retired. For certain Customers, a parent has certain editorial access to each of his or her children’s accounts through the parent’s master account on our Customers’ sites. Parents may access, change, or delete the PII that our Customers have collected from their children by logging on to the child’s account through the user interface of the applicable Service. The parent will need to have their child’s username and password to log into their child’s account. Instructions are available via links on each of the Services’ home pages provided by our Customers explaining how to recover a password if the user has forgotten it.

If you have any inquiries regarding our Customers’ privacy practices or how they use your child’s personal information, please contact them directly.

If COPPA applies, Parents have the right to consent to the collection and use of PII from a child without also consenting to its disclosure to third parties as we do not share any of this information with third parties outside of the Customer-approved components of our Services provided by third party vendors.

An individual who seeks access to their data, seeks to correct, amend or delete inaccurate data or wishes to opt-out of communications from a Customer should direct his/her query to the Customer with whom he/she directly interacts (the data controller). Patron PII could reside locally with the Customer or in a Cloud environment hosted by SirsiDynix. In either case, SirsiDynix may have access to such PII. For example, when providing support to our Customer for SirsiDynix products and services, SirsiDynix may be granted access to patron PII by our Customers for the purpose of troubleshooting. SirsiDynix may also have access to patron PII for the purpose of aggregating and analyzing non-personally identifiable data. Whenever SirsiDynix is granted access to Customer patron PII it is handled according to the principles of this Privacy Policy. If a SirsiDynix Customer requests that we modify or remove Patron PII on their behalf, we will respond to their request within 30 days.

SirsiDynix may transfer personal information to other companies that help us provide our Services. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Customers.

SirsiDynix will retain personal data we process on behalf of our Customers for as long as needed to provide services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Customers who use the services offered on our Site may submit the personal information of other individuals at their organization to register them as authorized users. It is the Customer’s obligation, as the data controller, to inform its authorized users about the purposes for which information about them is collected and may be used on this Service. Authorized users can update or remove their account information at any time by logging into the Site and editing their account information, or by contacting their administrator. 



SirsiDynix adheres to the American Library Association's Code of Ethics’ guidelines for privacy protection, including the obligation to protect each library patron's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.

 Customer information collected by SirsiDynix will be stored and processed in the United States or in other locations that may be required by SirsiDynix’s Customers. Customer patron information collected by Customers for use with SirsiDynix products and services will be processed and stored at either a local Customer-hosted SirsiDynix site or a regional SirsiDynix hosting facility.

SirsiDynix abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union.

SirsiDynix abides by all applicable privacy statutes and regulations for the nations in which users reside. The SirsiDynix safe harbor statement can be found below.

Notification of Changes

We may update this privacy statement to reflect changes to our information practices including any material changes to how we use PII collected from children under age 13. If we make any material changes we will notify you by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.


PII will not be sold, leased, or otherwise distributed or disclosed to outside parties unless required by law. PII will not be collected, sold, leased, or otherwise distributed or disclosed for commercial purposes.

PII will not be sold, leased or otherwise distributed or disclosed without notice being given to the individual. At that time, the individual can request the PII not be shared. PII will not knowingly be collected directly by SirsiDynix from children.

What information may be collected on our website(s) without user registration:

The domain name (e.g. of the visitor.

The IP address of the computer or Internet provider.

The date/time you accessed the site.


Email Address


Phone number

Company Information

How the collected information is used:

Measuring traffic flow and volume.

Diagnosing server problems.

Determining which parts of the site users are visiting.

Delivering services, for example press releases, events information, training or software, which the user requested or purchased.

To notify our users of product upgrades, special offers, updated information and other services.

To allow user access to limited-entry Websites.


SirsiDynix may send out periodic e-mails to its Customers about services or security issues related to a product or service. The user will not be able to choose to use the automatic unsubscribe feature to disable these mailings, as they are considered an essential part of the service the user or customer selected during registration. Users or customers may opt out of such mailings by closing the associated account, contacting SirsiDynix according to the process described in the Opt-Out Features section, below.

Disclosure of PII

No attempt is made to identify individual website users unless illegal behavior is suspected.

Network traffic is monitored to identify unauthorized attempts to upload or change information, or otherwise cause damage to the SirsiDynix's web services. PII may be disclosed: 

If required to do so by law, or in the good-faith belief that such action is necessary when it is believed that disclosing the information is necessary to identify, contact or bring legal action against someone who may be violating this Privacy Policy or to protect and defend the rights or property of SirsiDynix.

To act in urgent circumstances to protect the personal safety of SirsiDynix employees, users of SirsiDynix products or services, or members of the public or when someone may be causing injury to or interfering with SirsiDynix's rights or property, other users, or anyone else who could be harmed by such activities.

To conform to the edicts of the law or comply with legal process served on SirsiDynix.

If SirsiDynix is involved in a merger, acquisition, or sale of all or a portion of its assets, a prominent notice will be displayed on our Web site of any change in ownership or uses of PII, as well as any choices you may have regarding your personal information, will be posted

SirsiDynix may occasionally hire or use other parties to provide limited services on our behalf, including packaging, mailing/delivering purchases, answering questions about products or services, sending postal mail and processing event registration. We will only provide those companies the information they need to deliver the service, and they are prohibited from using PII for any other purpose.

Tracking Technologies

Technologies such as cookies, beacons, tags and scripts are used by SirsiDynix and our partners (i.e., library content enhancement services, secure financial transaction handlers, e-resource vendors, big data analytics providers). [specify type, e.g., marketing partners, affiliates, analytics, or service providers] [specify type of service that third party provides, e.g., online customer support provider, etc.].  These technologies are used in analyzing trends, administering the site, allowing access to certain functions, such as the online catalog and electronic resources, to help better manage content on our site, tracking users’ movements around the site and to gather demographic information about our user base as a whole.  We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. .

Temporary cookies files are automatically deleted when you close your browser. Cookies can be "turned off" or disabled by changing the proper setting in your browser. Changing the browser setting will disable all cookies delivered to your browser not just the ones delivered by SirsiDynix; however, the user will not experience a personalized visit nor will the user be able to subscribe to the service offerings on the site.

Local Storage Objects (HTML 5)

We use Local Storage Objects (LSOs) such as HTML 5 to store content and preferences.  Third parties with whom we partner to provide certain features on our site use HTML 5 to collect and store information.  Various browsers may offer their own management tools for removing HTML 5 LSOs.


SirsiDynix's website(s) may contain links to other sites. SirsiDynix is not responsible for the accuracy, currency, and content of any other sites to which SirsiDynix provides hyperlinks or access. SirsiDynix is not responsible for the privacy practices of other sites. SirsiDynix cannot be responsible for an individual's privacy when a patron discloses information to outside web sites.

SirsiDynix encourages users to be aware when they leave SirsiDynix's site(s), to read the privacy statements of each and every web site that collects PII. It is the individual's responsibility to protect their PII, including user name and password information. SirsiDynix's Privacy Policy applies solely as described herein.

Our Web site includes Social Media Features, such as the Facebook Like button and links to our various social media pages. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.


Credit card transactions for SirsiDynix offerings are almost always completed through third-party payment processors without SirsiDynix having any access to related PII.  Such processors use industry-standard technology to safeguard the confidentiality of the individual information. This technology includes use of firewalls, secure socket layers (SSL), and/or encryption. In instances where SirsiDynix takes credit card information directly, such information is processed through a third party payment processor as described above, and SirsiDynix does not retain a copy of the credit card information provided.

In order to further protect individual information, Customers and their patrons should always log out and close the browser when finished using a shared or public computer.

SirsiDynix takes reasonable steps to prevent the introduction of viruses, worms, or other destructive materials into or through its systems. However, SirsiDynix does not guarantee or warrant that materials downloaded from SirsiDynix do not contain viruses, worms, or other destructive materials. SirsiDynix is not liable for any damages or harm attributable to such materials. Usage of materials available via download from SirsiDynix is solely at the user's own risk. No security system is impenetrable. SirsiDynix cannot guarantee the absolute security of its database. SirsiDynix cannot guarantee that the information supplied by the user will not be intercepted while being transmitted to SirsiDynix over the Internet. Depending on our Customers’ security feature selection, information collected through our service is processed via secure socket layers (SSL).

Customer User Access and Choices/Opt-Out

If our Customers’ personal information changes, they may correct, update, amend, remove, or ask to have it removed by making the change on the user account settings page, by emailing our Customer Support at or by contacting us by telephone or postal mail at the contact information listed below. If you no longer desire our Services, please contact us directly. We will respond to your request within 30 days.

We will retain Customer information for as long as an account is active or as needed to provide Customers with services. Due to the nature of long-term backup media it is not possible to delete all instances of an individual’s PII from all backup media, but this media is protected by robust physical security measures and is disposed of securely when the media is retired. We will retain and use Customer information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Website users may discontinue receiving some of the communications from SirsiDynix, such as e-mail newsletters announcing new features, contests, and new content, by sending an e-mail to Website users may also discontinue receiving some of the communications from SirsiDynix by editing account settings.

Customer Patron User Access and Choices/Opt-Out

If a Customer Patron’s personal information changes, they may correct, update, amend, or remove it by making the change on the user account settings page, or by contacting a Customer representative.

We will retain Customer Patron information on live systems for as long as an account is active or as needed to provide the Customer Patron with Services. Due to the nature of long-term backup media it is not possible to delete all instances of an individual’s PII from all backup media, but this media is protected by robust physical security measures and is disposed of securely when the media is retired. SirsiDynix retains data on systems for no longer than one year. Additionally, we will retain and use Customer Patron information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Enforcement of this Privacy Statement

If an individual has questions regarding this statement, individuals should first contact SirsiDynix by e-mail at Should you not receive acknowledgement of your inquiry or if the inquiry has not been satisfactorily addressed, the individual should then contact the Legal Department.

Contact Information

SirsiDynix welcomes comments regarding this privacy policy, please contact us by e-mail at:
Attention: Legal Department
3300 North Ashton Blvd Suite 500
Lehi, UT 84043
United States                      

Toll-free: 800.288.8020
Phone: 1.801.223.5200
Fax: 1.801.223.5202


This Statement describes how SirsiDynix collects and uses certain personally identifiable information that it receives in the United States from the European Union and Switzerland ("EU and Swiss Personal Data"). In particular, SirsiDynix recognizes that the European Union and Switzerland have established strict protections regarding the handling of EU and Swiss Personal Data, and SirsiDynix therefore has elected to adhere to the US-EU Safe Harbor Privacy Principles and US-Switzerland Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement (together, the "Safe Harbors") with respect to such EU and Swiss Personal Data that it receives in the United States. For further background and information about the Safe Harbors, and to see SirsiDynix’s representation on the Safe Harbor List, please refer to the U.S. Department of Commerce's website at

Categories of Individual Data Subjects

In general, SirsiDynix may obtain EU and Swiss Personal Data in the United States about several different types of individuals, including (i) website visitors, and (ii) Customers, Customer patrons, suppliers, and business partners, and (iii) SirsiDynix's own employees. SirsiDynix's practices with respect to each of these types of individual data subjects are described below.

Website Visitors

SirsiDynix collects, uses, and discloses information about website visitors located in the EU or Switzerland in accordance with the Website Privacy Policy at

Customers, Suppliers, and Business Partners

SirsiDynix may obtain various types of EU and Swiss Personal Data about Customers, patrons of our Customers, suppliers, and business partners. Such data may include contact information (names, titles, addresses, phone and fax numbers, and e-mail addresses); information about products and services ordered or provided; financial and payment information; user ID, passwords, and information collected through Internet-based and e-commerce activities, and other transaction-related data.

SirsiDynix may use these types of EU and Swiss Personal Data for business purposes, including to deliver or provide products or services; to trouble-shoot server problems, to establish or maintain Customer and business relationships; to provide access to Internet-based and e-commerce activities; to perform accounting functions; and to conduct other activities as necessary or appropriate in connection with the servicing and development of the business relationship.

Patrons, employees and agents of our Customers, business partners, and suppliers may contact us if any of their EU and Swiss Personal Data changes, or if they would like to access and correct EU and Swiss Personal Data that we maintain about them. Such persons can contact us by sending an e-mail to the SirsiDynix Legal Office, or by using the information at the end of this privacy statement. Also, to the extent that any of these individuals receive marketing communications from SirsiDynix, and wish to unsubscribe or otherwise stop receiving such communications, they can contact us at our website:

SirsiDynix Employees

SirsiDynix employees located in the European Union should consult with their local human resources manager to obtain information about SirsiDynix's practices with respect their EU and Swiss Personal Data. Online job applicants to SirsiDynix should also consult any additional terms that apply when they submit their applications and/or resumes.

Other Necessary Disclosures

SirsiDynix may disclose EU and Swiss Personal Data to business partners and subcontractors as necessary in connection with the performance of requested services or solutions, or as otherwise appropriate in connection with a legitimate business need. SirsiDynix may also disclose EU and Swiss Personal Data as necessary in connection with the servicing the software and hardware of the business. In these situations, SirsiDynix will require the recipient of the data to protect the data in accordance with the relevant principles in the Safe Harbors, or otherwise take steps to ensure that the EU and Swiss Personal Data is appropriately protected. SirsiDynix may also disclose EU and Swiss Personal Data where required or permitted by law, or where SirsiDynix believes that such disclosures are appropriate in connection with a law enforcement request.

Data Security and Integrity

SirsiDynix stores and processes EU and Swiss Personal Data at locations primarily in the EU. On occasion, EU and Swiss Personal Data may be accessed from or transferred to the United States for legitimate business purposes. SirsiDynix takes reasonable precautions to protect EU and Swiss Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction whether such Data is located in the EU or the United States. SirsiDynix also makes reasonable efforts to keep EU and Swiss Personal Data accurate, current, and complete, and reliable for its intended use.

Dispute Resolution

SirsiDynix participates in the EU Safe Harbor Privacy Framework as set forth by the United States Department of Commerce. As part of our participation in the safe harbor, we have agreed to TRUSTe dispute resolution for disputes relating to our compliance with the Safe Harbor Privacy Framework. If you have any complaints regarding our compliance with the Safe Harbor you should first contact us (as provided above). If contacting us does not resolve your complaint, you may raise your complaint with TRUSTe by Internet here, fax to 415-520-3420, or mail to TRUSTe Safe Harbor Compliance Dept., click for mailing address. If you are faxing or mailing TRUSTe to lodge a complaint, you must include the following information: the name of company, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaint shared with the company. For information about TRUSTe or the operation of TRUSTe's dispute resolution process, click here or request this information from TRUSTe at any of the addresses listed above. The TRUSTe dispute resolution process shall be conducted in English. For human resources data we have agreed to cooperate with Data Protection Authorities. .


If you have any questions about this Safe Harbor Privacy Statement, or if you would like to request access to EU and Swiss Personal Data that we may maintain about you, please contact us as follows:

Attention: Legal Department
3300 North Ashton Blvd Suite 500
Lehi, UT 84043
United States                

Toll-free: 800.288.8020
Phone: 1.801.223.5200
Fax: 1.801.223.5202

E-mail: SirsiDynix Legal/Privacy Office


Any questions regarding this Safe Harbor Privacy Statement should first be directed to the SirsiDynix contact above. If you do not receive acknowledgment of your inquiry or your inquiry has not been satisfactorily addressed, you may then contact the local data protection authorities in your EU member state or Switzerland for further information.