Sirsi Corporation and its affiliated companies, dba SirsiDynix, and its subsidiary, EOS International (referred to collectively in this Privacy Policy as “SirsiDynix,” we,” “us” or the “Company”) are committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, protect and process information relating to individuals (“Personal Data”) and your rights and choices regarding your Personal Data. Personal Data does not include aggregated data from which personally identifiable information has been removed.
This Privacy Policy applies only to our processing of Personal Data as a controller. When we process Personal Data on behalf of our customers as a processor, sub-processor or service provider, we do so in accordance with their written instructions to us and other written agreements with them. For information regarding the processing of Personal Data by organizations that use our products and services, please contact those organizations directly.
1. Contact information
To exercise rights applicable to you
To exercise rights that may apply to you as described in Section 6 below, please click here for our web form (most efficient) or call 800-288-8020.
If you have questions regarding this Privacy Statement or require assistance with a data privacy issue, you may direct your inquiry to:
Attn: Data Protection Officer
Address:
3300 North Ashton Blvd, Suite 500
Lehi, UT 84043 United States
Email:
legal@sirsidynix.com
Phone:
800-288-8020
801-223-5200
Our representative for purposes of Regulation (EU) 2016/679 (General Data Protection Regulation, or GDPR) in the European Union:
SirsiDynix SASU
Address:
90-92 Route de la Reine
92100 Boulogne-Billancourt, France
Email:
legal@sirsidynix.com
Phone:
0800 906 580
Our representative for purposes of the UK General Data Protection Regulation, or UK GDPR is:
Sirsi Ltd
Address:
The Wenta Business Centre Sirsi Ltd Colne Way, Watford, UK WD24 7ND
Email:
legal@sirsidynix.com
Phone:
+44 (0)1923 202900
If you have a privacy or data use concern that we have not addressed satisfactorily, you may contact TrustArc, our U.S.-based third party dispute resolution provider, free of charge at https://feedback-form.truste.com/watchdog/request.
2. Personal Data we collect and the purposes for which we use it
We collect and process your Personal Data for the following purposes. Where required by law, we obtain your consent to use and process your Personal Data. Otherwise, for purposes of GDPR compliance, we rely on our legitimate interests or another authorized legal basis, as described below.
A. Purchases.
To enable you to purchase our products and services under a contract, we or our processors or service providers may collect and process the following payment information:
your name
your credit card information or other payment information
We use a third-party payment processor for these purposes, and we do not store financial information used in payment processing.
B. Product and service delivery.
To fulfill our contract with you or your employer (e.g., if you are an authorized user of our products and services or you work for a supplier of SirsiDynix), we may process the following Personal Data as necessary for our performance of the contract:
your name
your email address
your telephone number
your shipping address
login information, if services require an online account
C. Conferences, events and office visits.
To facilitate to our interest in promoting security, health, safety and confidentiality in connection with conferences, other events and visits to our offices, or to fulfill our contract with you or your employer in connection with such activities, we may process the following Personal Data:
your first and last names
your email address
your telephone number
In addition, certain health data (which may include special or sensitive categories of Personal Data) may be processed for office visits and at events during epidemics or pandemics to ensure the safety and security of our visitors and employees (where legally permitted or required) with your consent or where necessary for reasons of public interest and public health.
D. Product and service information.
To facilitate our interest in promoting our products and services, and after obtaining your consent if legally required, we may process the following Personal Data to provide you with information about our products and services:
your name
your email address
E. Transactional and other business communications.
To facilitate our interest in communicating with you or your employer when conducting business transactions and other business activities, we may process the following Personal Data:
your name
your email address
your telephone number
F. Website and service management and improvement.
To facilitate our interest in managing and improving our websites and services, and in some cases to fulfill our contract with you or your employer, we may automatically collect and process certain Personal Data when you visit our websites or use our services. Such Personal Data may include:
your IP address
your browser type
your operating system
your domain name
your access times
referring web site addresses
We do not link this automatically collected data to other information we collect about you.
G. Cookies.
To facilitate our interest in managing and improving our websites and services, and where required after obtaining your consent, we and our partners use cookies or similar technologies to analyze trends, allow access to certain functions, track your navigation of our websites, and gather aggregated information about our user base. You can control the use of cookies by using you browser controls or by clicking the “Your Privacy Choices” link in the footer of our website pages.
H. Legal compliance and risk mitigation.
We may collect and process Personal Data listed in the foregoing paragraphs to the extent reasonably necessary to comply with applicable laws; in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; to protect the vital interests of individuals and to facilitate our legitimate interests in preventing fraud, legal claims, and liabilities.
3. How we disclose Personal Data
Your Personal Data will be accessible to our employees who require access for the purposes described in this Privacy Policy. Our contracted data processors and service providers (such as payment card processors, if applicable) are authorized to use and disclose Personal Data only as necessary to perform the services for which they were engaged by us.
Other parties to whom we may disclose your personal data to include:
potential purchasers of, or successor in interest to, all or a portion of our business or assets; and
others pursuant to consent obtained from you.
4. Transfers and Storage of Personal Data
We and the third parties described in Section 3 above may collect, transfer and store your Personal Data in countries that may not provide for the same level of data protection as your jurisdiction. In such cases, we ensure that recipients of your Personal Data provide an adequate level of protection and security through mechanisms for the transfer of data approved by applicable governments and regulators.
For purposes of transferring Personal Data between the United States and the EU, the UK and other covered countries, we participate in, and comply with, the EU-U.S. Data Privacy Framework and UK Extension to the Framework administered by the U.S. Department of Commerce (the “Frameworks”). We have certified to the U.S. Department of Commerce that we adhere to the principles described in the Frameworks (the “Principles”) in our treatment of such Personal Data. If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles will govern. You may learn more about the Data Privacy Frameworks at the U.S. Department of Commerce’s Data Privacy Framework website. You may find our listing and the listings of other Data Privacy Framework participants on the Data Privacy Framework List.
If you have any questions or complaints relating to our participation in, or compliance with, the Frameworks, you may contact us via our webform or other methods described in Section 1 above. If we are unable to resolve a complaint, we commit to submitting the complaint to the third-party dispute resolution provider described in Section 1 above to resolve the dispute. The services of the dispute resolution provider will be available at no charge to you. Binding arbitration is available to address complaints not resolved by other means. We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
In the context of an onward transfer, we are responsible for the processing of Personal Information we receive under the Frameworks and subsequently transfer to a third party acting as an agent on our behalf. We remain liable under the Principles if our agent processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
We utilize data centers in the United States, the United Kingdom, Australia, Canada, Chile and Singapore. Generally, Personal Data is stored and processed in the geographic region where the data subject is located or in the United States.
In compliance with the Frameworks, SirsiDynix commits to refer unresolved complaints concerning our handling of personal data received in reliance on the Frameworks to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your Frameworks-related complaint from us, or if we have not addressed your Frameworks-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding our compliance with Frameworks not resolved by any of the other mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official Frameworks website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
5. Criteria and time for retaining Personal Data
We will retain your Personal Data no longer than reasonably necessary to complete the original purposes of its collection or to fulfill our legal obligations. Retention periods are based on the purposes for which the data are collected; the quantity, nature, and sensitivity of the data; and on applicable statutes of limitation and other legal requirements.
6. Your rights and how to exercise them
Depending on the data protection laws that apply to you, you may have specific rights regarding your Personal Data, which may include:
the right to request access to and rectification or erasure of your Personal Data;
the right to restrict our processing of your Personal Data or to object to processing;
the right to transfer your Personal Data to another controller;
the right to withdraw your consent to process your Personal Data;
the right to lodge a complaint with a regulatory authority;
the right to know about the categories and specific items of Personal Data we have collected about you;
the right to request correction of inaccurate Personal Data;
the right to opt-out of the sale or sharing of your Personal Data;
the right to obtain copies of agreements or portions of agreements between SirsiDynix and other organizations that control or process your Personal Data;
the right to non-discrimination for exercising your rights; and
the right of no retaliation following your exercise of your rights.
If any of these rights are applicable to you, you may exercise them by contacting us as described in Section 1 above.
Note regarding our processing of Personal Data on behalf of our customers. We process Personal Data on behalf of libraries and other organizations who use our products and services. Such organizations are the controllers of the Personal Data. If your Personal Data has been submitted to us for processing on behalf of one of these organizations and you wish to exercise any rights you may have under applicable data protection laws, please contact that organization directly. We will assist the organization in responding to your request as required by applicable laws.
7. How we protect your Personal Data
Personal Data is stored on servers and systems that are owned by us which may be located in secure facilities contracted by us under written agreements which comply with this Privacy Policy.
We maintain appropriate technical, administrative and physical safeguards to protect personal data received or collected by us. We review, monitor and evaluate our privacy practices and protection systems on a regular basis.
Notwithstanding the foregoing measures, transmissions over the Internet or mobile networks are not 100% secure and we do not guarantee the security of such transmissions.
8. Links
Our websites and services may contain links to websites or services operated by third parties. We are not responsible for the accuracy, currency, or content of any such websites or services. We are not responsible for the privacy policies or practices of any third party.
We encourage you to be aware when you leave our websites or services to read the privacy statements of each linked website or service that collects Personal Data. It is your responsibility to protect your Personal Data, including username and password information.
9. Children
Our products and services are marketed and offered to libraries and institutions (referred to collectively in this Section 9 as “Libraries”). We do not market our products or services to, and do not solicit or collect information on our own behalf from, children.
Libraries may use our products and services to provide accounts to children, including children under the age of thirteen. The U.S. Children’s Online Privacy Protection Act (“COPPA”) or other laws may apply to Libraries’ collection and processing of the Personal Data of children, and it is the responsibility of each Library to comply with all laws applicable to it and to its collection of children’s Personal Data.
10. Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes to our practices regarding Personal Data. If we make any material changes, we may notify you by means of a notice on this website. We encourage you to periodically review this page for the latest information on our privacy policies and practices.
11. California Consumer Privacy Act (CPPA) disclosures
We do not “share” or “sell” your information, as those terms are defined in the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CRPA).
CCPA Personal Data Category
Personal Data Processed by Us
Collected in Last 12 Months?
Sold or Shared in Last 12 Months?
Disclosed* for Business Purposes in Last 12 Months
Identifiers
Contact information, such as name, mailing address, email address, telephone number, social security number, driver's license number, passport number
Yes
No
Yes
Internet or other electronic network activity
Information stored in cookies as described in this Policy
Yes
No
No
Professional or employment information
Contact information
Yes
No
Yes
* Additional information for employees and job applicants is available on the SirsiDynix intranet and in application and pre-hire documentation provided by SirsiDynix. ** Disclosures are made to the parties and for the purposes describe in this Privacy Policy.