Legal & Privacy Terms

SIRSIDYNIX: PRIVACY POLICY

Effective date of Oct 25, 2023

This page was last updated October 25, 2023.
TRUSTe

Sirsi Corporation and its affiliated companies, dba SirsiDynix, and its subsidiary, EOS International (referred to collectively in this Privacy Policy as “SirsiDynix,” we,” “us” or the “Company”) are committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, protect and process information relating to individuals (“Personal Data”) and your rights and choices regarding your Personal Data. Personal Data does not include aggregated data from which personally identifiable information has been removed.

This Privacy Policy applies only to our processing of Personal Data as a controller. When we process Personal Data on behalf of our customers as a processor, sub-processor or service provider, we do so in accordance with their written instructions to us and other written agreements with them. For information regarding the processing of Personal Data by organizations that use our products and services, please contact those organizations directly.

1. Contact information

To exercise rights that may apply to you as described in Section 6 below, please click here for our web form (most efficient) or call 800-288-8020.

For all other data privacy inquiries

If you have questions regarding this Privacy Statement or require assistance with a data privacy issue, you may direct your inquiry to:

Attn: Data Protection Officer

address icon

Address:

3300 North Ashton Blvd, Suite 500 Lehi, UT 84043 United States

address icon

Email:

legal@sirsidynix.com

address icon

Phone:

800-288-8020

801-223-5200

Our representative for purposes of Regulation (EU) 2016/679 (General Data Protection Regulation, or GDPR) in the European Union is SirsiDynix SASU:

address icon

Address:

90-92 Route de la Reine
92100 Boulogne-Billancourt, France

address icon

Email:

legal@sirsidynix.com

address icon

Phone:

0800 906 580

If you have a privacy or data use concern that we have not addressed satisfactorily, please contact TrustArc, our U.S.-based third party dispute resolution provider, free of charge at https://feedback-form.truste.com/watchdog/request.

2. Personal Data we collect and the purposes for which we use it

We collect and process your Personal Data for the following purposes. Where required by law, we obtain your consent to use and process your Personal Data. Otherwise, for purposes of GDPR compliance, we rely on our legitimate interests or another authorized legal basis, as described below.

A. Purchases.

To enable you to purchase our products and services under a contract with you, we or our processors may collect and process the following payment information:

  • your first and last names
  • your credit card information or other payment information

We use a third-party payment processor for these purposes, and we do not store financial information used in payment processing.

B. Product and service delivery.

To fulfill our contract with you or your employer (e.g., if you are an authorized user of our products and services or you work for a supplier of SirsiDynix), we may process the following Personal Data as necessary for our performance of the contract:

  • your first and last names
  • your email address
  • your telephone number
  • your shipping address
  • login information, if services require an online account

C. Conferences, events and office visits.

To facilitate to our interest in promoting security, health, safety and confidentiality in connection with conferences, other events and visits to our offices, or to fulfill our contract with you or your employer in connection with such activities, we may process the following Personal Data:

  • your first and last names
  • your email address
  • your telephone number

In addition, certain health data (which may include special categories of Personal Data) may be processed for office visits and at events during epidemics and pandemics to ensure the safety and security of our visitors and employees (where legally permitted) with your consent or where necessary for reasons of public interest and public health.

D. Product and service information.

To facilitate our interest in promoting our products and services, and after obtaining your consent if legally required, we may process the following Personal Data to provide you with information about our products and services:

  • your first and last names
  • your email address

E. Transactional and other business communications.

To facilitate our interest in communicating with you or your employer when conducting business transactions and other business activities, we may process the following Personal Data:

  • your first and last names
  • your email address
  • your telephone number

F. Website and service management and improvement.

To facilitate our interest in managing and improving our websites and services, and in some cases to fulfill our contract with you or your employer, we may automatically collect and process certain Personal Data when you visit our websites or use our services. Such Personal Data may include:

  • your IP address
  • your browser type
  • your operating system
  • your domain name
  • your access times
  • referring web site addresses

We do not link this automatically collected data to other information we collect about you.

G. Cookies.

To facilitate our interest in managing and improving our websites and services, and where required after obtaining your consent, we and our partners use cookies or similar technologies to analyze trends, allow access to certain functions, track your navigation of our websites, and gather aggregated demographic information about our user base. You can control the use of cookies at the individual browser level.

H. Legal compliance and risk mitigation.

We may collect and process Personal Data listed in the foregoing paragraphs to the extent reasonably necessary to comply with applicable laws; in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; to protect the vital interests of individuals and to facilitate our legitimate interests in preventing fraud, legal claims, and liabilities.

3. How we disclose Personal Data

Your Personal Data will be accessible to our employees who require access for the purposes described in this Privacy Policy. Our contracted data processors and service providers (such as payment card processors, if applicable) are authorized to use and disclose Personal Data only as necessary to perform the services for which they were engaged by us.
Other parties we may disclose your personal data to include:

  • potential purchasers of, or successor in interest to, all or a portion of our business or assets; and
  • others pursuant to consent obtained from you.

4. Transfers and Storage of Personal Data

We and the third parties described in Section 3 above may collect, transfer and store your Personal Data in countries that may not provide for the same level of data protection as your jurisdiction. In such cases, we ensure that recipients of your Personal Data provide an adequate level of protection and security through mechanisms for the transfer of data approved by applicable governments and regulators.

For purposes of transferring Personal Data between the United States and the EU, the UK and other covered countries, we participate in, and comply with, the EU-U.S. and UK Extension to the EU-U.S. Data Privacy Frameworks administered by the U.S. Department of Commerce (the “Frameworks”). We have certified to the U.S. Department of Commerce that we adhere to the principles described in the Frameworks (the “Principles”) in our treatment of such Personal Data. If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles will govern. You may learn more about the Data Privacy Frameworks at the U.S. Department of Commerce’s Data Privacy Framework website. You may find our listing and the listings of other Data Privacy Framework participants on the Data Privacy Framework List.

If you have any questions or complaints relating to our participation in, or compliance with, the Frameworks, you may contact us via our webform or other methods described in Section 1 above. If we are unable to resolve a complaint, we commit to submitting the complaint to the third-party dispute resolution provider described in Section 1 above to resolve the dispute. The services of the dispute resolution provider will be available at no charge to you. Binding arbitration is available to address complaints not resolved by other means. We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

In the context of an onward transfer, we are responsible for the processing of Personal Information we receive under the Frameworks and subsequently transfer to a third party acting as an agent on our behalf. We remain liable under the Principles if our agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

We utilize data centers in the United States, the United Kingdom, Australia, Canada, Chile and Singapore. Generally, Personal Data is stored and processed in the geographic region where the data subject is located or in the United States.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, SirsiDynix commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

For complaints regarding EU-U.S. DPF and the UK Extension to the EU-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

5. Criteria and time for retaining Personal Data

We will retain your Personal Data no longer than reasonably necessary to complete the original purposes of its collection or to fulfill our legal obligations. Retention periods are based on the purposes for which the data are collected; the quantity, nature, and sensitivity of the data; and on applicable statutes of limitation and other legal requirements.

6. Your rights and how to exercise them

Depending on the data protection laws that apply to you, you may have specific rights regarding your Personal Data, which may include:

  • the right to request access to and rectification or erasure of your Personal Data;
  • the right to restrict our processing of your Personal Data or to object to processing;
  • the right to transfer your Personal Data to another controller;
  • the right to withdraw your consent to process your Personal Data;
  • the right to lodge a complaint with a regulatory authority;
  • the right to know about the categories and specific items of Personal Data we have collected about you;
  • the right to request correction of inaccurate Personal Data;
  • the right to opt-out of the sale of your Personal Data (we do not sell your Personal Data);
  • the right to obtain copies of agreements or portions of agreements between SirsiDynix and other organizations that control or process your Personal Data;
  • the right to non-discrimination for exercising your rights; and
  • the right of no retaliation following your exercise of your rights.

If any of these rights are applicable to you, you may exercise them by contacting us as described in Section 1 above.

Note regarding our processing of Personal Data on behalf of our customers. As described in the second paragraph of this Privacy Policy, we process Personal Data on behalf of libraries and other organizations who use our products and services. Such organizations are the controllers of the Personal Data. If your Personal Data has been submitted to us for processing on behalf of one of these organizations and you wish to exercise any rights you may have under applicable data protection laws, please contact that organization directly. We will assist the organization to respond to your request as required by applicable laws.

7. How we protect your Personal Data

Personal Data is stored on servers and systems that are owned by us or by contractors engaged by us under written agreements which comply with this Privacy Policy.
We maintain appropriate technical, administrative and physical safeguards to protect personal data received or collected by us. We review, monitor and evaluate our privacy practices and protection systems on a regular basis.
Notwithstanding the foregoing measures, transmissions over the Internet or mobile networks are not 100% secure and we do not guarantee the security of transmissions.

8. Links

Our websites and services may contain links to websites or services operated by third parties. We are not responsible for the accuracy, currency, or content of any such website or service. We are not responsible for the privacy policies or practices of any third party.
We encourage you to be aware when you leave our websites or services to read the privacy statements of each linked website or service that collects Personal Data. It is your responsibility to protect your Personal Data, including username and password information.

9. Children

Our products and services are marketed and offered to libraries and institutions (referred to collectively in this Section 9 as “Libraries”). We do not market our products or services to, and do not solicit or collect information on our own behalf from, children.
Libraries may use our products and services to provide accounts to children, including children under the age of thirteen. The U.S. Children’s Online Privacy Protection Act (“COPPA”) or other laws may apply to Libraries’ collection and processing of the Personal Data of children, and it is the responsibility of each Library to comply with all laws applicable to it and to its collection of children’s Personal Data.

10. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes to our practices regarding Personal Data. If we make any material changes, we may notify you by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

11. California Consumer Privacy Act (CPPA) disclosures

We do not “share” or “sell” your information, as those terms are defined in the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CRPA).

CCPA Personal Data CategoryPersonal Data Processed by UsCollected in Last 12 Months?Sold or Shared in Last 12 Months?Disclosed* for Business Purposes in Last 12 Months
IdentifiersContact information, such as name, mailing address, email address, telephone number, social security number, driver's license number, passport numberYesNoYes
Financial InformationCredit card number, debit card number, and similar information required to process purchaseYesNoYes
Internet or other electronic network activityCookies as described aboveYesNoNo
Professional or employment informationContact informationYesNoYes

* Additional information for employees and job applicants is available on the SirsiDynix intranet and in application and pre-hire documentation provided by SirsiDynix.
** Disclosures are made to the parties and for the purposes describe in this Privacy Policy.