Privacy Policy

For legal purposes, only the English language version of the Privacy Policy is binding.

For legal purposes, only the English language version of the Privacy Policy is binding. Non-english versions are translated from the English language version for your convenience.

TRUSTe

EIS PRODUCTS AND SERVICES PRIVACY POLICY

LAST UPDATED: February 23, 2024
Download PDF

This EIS Products and Services Privacy Policy sets forth EBSCO Information Services’ privacy practices when you use our software, mobile applications, and other products or services (collectively, “Services”), including:

What Information is Collected and How is it Used?

  1. What Information Do We Collect?
    1. Personal Information
    2. Non-Personal Information
    3. Note About HIPAA Compliance
  2. How Do We Collect the Information?
    1. Cookies and Similar Technologies
  3. How Do We Use the Information?
  4. What is Our Legal Basis for Collecting and Using Personal Information?
  5. How Do We Secure Personal Information?
  6. What Are My Rights?
  7. How Can I Exercise My Rights?
  8. What Choices Do I Have?
  9. Collection and Use of Information from Children: Information for Parents
  10. How Long Do We Retain This Information?

EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF and Swiss-U.S. Data Privacy Framework

Questions

Changes to Privacy Policy

Miscellaneous

To learn about the privacy practices in effect at our marketing and general audience websites and information gathered when you initiate requests for information about our products or services, go to: EIS Website Privacy Policy .

This Privacy Policy applies to the following entities (collectively, “EBSCO Information Services” or “we” or “us” or “our”):

*For a list of Data Protection Representatives see the table at the end of this Privacy Policy.

EBSCO Information Services respects the privacy of its users and we are committed to protecting our users’ privacy through our compliance with this Privacy Policy.

EBSCO Information Services wants you to have a positive experience in connection with our products and services. Our goal is to provide you with an experience that delivers the information, resources, and services that are helpful to you. In order to achieve this goal, we may collect information from you. This Privacy Policy describes our information collection practices and the privacy principles we follow.

To exercise your privacy rights or to ask us questions about this Privacy Policy or our privacy practices, you can submit a request by contacting us using any of the methods provided in the “How Can I Exercise My Rights?” section of this Privacy Policy.

What Information is Collected and How is it Used?

[Information about children's data and Services directed toward children can be found at Section I of this Policy]

A. What Information Do We Collect?

1. Personal Information: EBSCO Information Services collects, and has collected during the preceding 12-month period, the following categories of personal information (information that identifies you as an individual or relates to an identifiable individual) (collectively, “Personal Information”):

Category of Personal Information Collected

Categories of Sources from Which Personal Information is Collected

Business or Commercial Purpose(s) for Which Personal Information is Collected

Categories of Third Parties with Whom Personal Information is Shared

Personal Identifiers

  • Individuals
  • Customers
  • Service Providers (single sign-on)
  • Authentication
  • Researcher productivity tools
  • Use of our Services
  • Product-related communications
  • Service Providers (operating systems and platforms; communication providers; data analytics providers)

Other Personal Information Categories

  • Individuals
  • Customers
  • Payment processing
  • Reporting continuing education credits
  • Use of our Services
  • Service Providers (payment processors)
  • Continuing education accrediting agencies

Commercial Information

  • Individuals
  • Customers
  • Use of our Services
  • Sales order processing
  • Billing and invoicing
  • Service Providers (operating systems and platforms)

Internet or Other Electronic Network Activity Information

  • Service Providers (operating systems and platforms; other information technology systems; data analytics providers)
  • Delivery, operation, and security of our Services
  • Analytics
  • Improving the user experience
  • Service Providers (data analytics providers; internet service providers; operating systems and platforms)

Geolocation Data

  • Individuals (user’s device)
  • Service Providers (data analytics providers; internet service providers; operating systems and platforms)
  • Use of our Services features
  • Service Providers (data analytics providers; internet service providers; operating systems and platforms)

Education Information

  • Individuals
  • Customers
  • Use of our Services
  • Service Providers (operating systems and platforms)

If you submit any Personal Information relating to other individuals to us or to our service providers in connection with our Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

2. Non-Personal Information: EBSCO Information Services collects information that does not directly reveal your identity or does not directly relate to an identifiable individual. This may include a unique identifier (unconnected to an individual’s Personal Information) and related analytics and usage information that we use to track usage of our Services, track trends in our Services, administer the Services, and improve our users’ experience.

3. Note About HIPAA Compliance: Certain products and services made available by DynaMed, LLC (“HIPAA-compliant Services”) are designed and intended to collect or process protected health information on behalf of covered entities, and are subject to the requirements of the Health Insurance Portability and Accountability Act of 1996, and its associated regulations (HIPAA). This Privacy Policy does not apply to, or restrict our handling of protected health information that may be processed by any HIPAA-compliant Services that you are using. Instead, our handling of protected health information is governed by a separate agreement, including a business associate agreement between us and the customer that has licensed the HIPAA-compliant Services. The terms “protected health information”, “covered entities” and “business associate agreement” used in this section have the same meaning as provided in HIPAA.

B. How Do We Collect the Information?

The categories of sources from which we collect Personal Information are described in the table above.

We only collect and use Personal Information when you voluntarily provide it to us or when an institutional customer provides it to us in connection with its method of authenticating users for access to our Services, with the exception of your IP address, geolocation, and certain device information which may be automatically captured when you access our Services. Please refer to your device’s settings to control the collection and sharing of your geolocation data with us.

If you provide us Personal Information about others, or if others give us your Personal Information, we will only use that information for the specific reason for which it was provided to us.

In order to use some of the unique functions within our Services, a user must first complete a registration form or provide an email address that will require the user’s disclosure of limited Personal Information. Such disclosure is strictly voluntary.

Because of how email communication works, you will have to disclose an email address to us if you choose to contact us or communicate with us by email.

We automatically collect non-Personal Information generated from your use of our Services. We use this non-Personal Information in the aggregate. We do not combine these types of non-Personal Information with Personal Information.

Cookies and Similar Technologies: For information about the cookies and other tracking technologies used by our Services and how to manage your settings for these cookies and technologies, please visit our Cookie Policy.

C. How Do We Use the Information?

The business or commercial purpose(s) for which Personal Information is collected is described in the table above.

We use the Personal Information we collect for the limited purposes of processing your transactions, establishing and/or verifying a person’s or account holder’s identity, customer service, improving and customizing our Services and their content, authorization, content processing, content classification, and providing you with information concerning our Services. We will retain this information for as long as your account is active or as needed to provide you Services, comply with our legal obligations, resolve disputes, and enforce our agreements.

For example, our EBSCOhost Service employs a personalization feature that requires completion of a registration form before a user can use that feature. The personalization feature of EBSCOhost is a powerful tool that provides users with the means to create and save histories of searches they have conducted. We believe the personalization feature is a useful tool that will enhance the user's experience with the Service, but it does require the user to provide Personal Information to us.

We use the non-Personal Information we collect to administer the Services, improve access to the Services, perform diagnostics, collect content-specific usage statistics, protect the Services and their content from inappropriate use, and improve the user's experience.

We may use the Personal Information and non-Personal Information we collect by sharing it with third-party agents, vendors, contractors, partners, or content providers of EBSCO Information Services (collectively, "Service Providers") for purposes of managing purchases of our products and services, providing access to our products and services, servicing our systems, and obtaining support services for our businesses. We are not in the business of selling Personal Information to third-parties or Service Providers and will share it with Service Providers only as we describe in this Privacy Policy. In situations where we share Personal Information with Service Providers, we ensure access is granted to the Service Providers only upon the condition that the Personal Information is kept confidential and is used only for carrying out the services these Service Providers are performing for EBSCO Information Services. As part of making the determination whether we will share Personal Information with Service providers, we will obtain assurances that they will appropriately protect and maintain the confidentiality of Personal Information consistent with this Privacy Policy and as required by applicable law.

The Personal Information we collect from you may be transferred to, and processed in, countries other than the country in which you live. These countries may have data protection laws that are different than the laws of your country. Specifically, the servers we use to provide our Services are located in the United States. This means that when we collect your Personal Information, we may process it in the United States or the country where you live. However, when we process your Personal Information, irrelevant of its processing location, we take appropriate measures, as discussed below, to ensure that your Personal Information remains protected in accordance with this Privacy Policy.

We may share your usage data related to our Services with our affiliates and certain Service Providers for purposes of providing or improving our Services. We will not disclose any information about your usage data related to our Services to unaffiliated third-parties, except as necessary to provide our Services, enhance the product experience, service the legal agreement between us and your employer or affiliated institution under which you are provided access to our Services, to enforce the terms of use, to meet our contractual obligations to report aggregated usage data to content providers, or as required by law.

We also reserve the right to disclose your Personal Information if we are required to do so by law, or in the good faith belief that disclosure of the information is reasonably necessary to comply with legal process, and to the extent permitted by applicable local law, to respond to claims, or to protect or advance the rights, property, safety, or well-being of our company, our employees, customers, or the public.

We will not use your Personal Information for automated-decision making.

In the unlikely event that all or substantially all of the assets of EBSCO Information Services or any of its applicable subsidiaries are acquired, customer information, which may include Personal Information, may be one of the transferred assets unless restricted by applicable local law, in which case the acquiring entity will be subject to the same commitments for such customer information.

D. What is Our Legal Basis for Collecting and Using Personal Information?

Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.

However, we will normally collect Personal Information from you only:

In some cases, we may also have a legal obligation to collect Personal Information from you or may otherwise need the Personal Information to protect your vital interests or those of another person.

If we ask you to provide Personal Information to comply with a legal requirement or to provide the Services or a feature of the Services pursuant to a contract with your institution, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible impact if you do not provide your Personal Information).

Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact information provided below.

E. How Do We Secure Personal Information?

EBSCO Information Services has taken appropriate technical and organizational measures to ensure that Personal Information we have collected or will collect in the future is secure. For example, we have limited the number of people who have access to Personal Information, by electronic security systems and authentication methods that guard against unauthorized access.

As a reminder, EBSCO Information Services provides links to third-party websites. These websites may not have the same privacy policies as EBSCO Information Services. We take reasonable care in recommending these websites, but we are not responsible for their content or privacy policies. We urge users to read the privacy statement of a third-party website when leaving our Services and linking to a third-party website.

We always use industry-standard technologies when transferring and receiving consumer data we receive. We have appropriate security measures in place in our physical facilities to protect against the loss, misuse, or alteration of information that we have collected from you in connection with our Services.

F. What Are My Rights?

Depending on your country or state of residency, you may have legal rights with respect to your Personal Information, including one or more of the following (each of which may be subject to certain exceptions that will be analyzed on a case-by-case basis):

Right to be Informed

An organization must provide certain information to individuals when collecting and processing their Personal Information.

Right of Access / Right to Know

Individuals have a right to obtain confirmation as to whether or not their Personal Information is being collected and/or processed. Individuals also have a right to request that an organization disclose the Personal Information it collects, uses, discloses, sells, and/or otherwise processes.

Right to Rectification

Individuals have the right to require an organization to correct inaccurate Personal Information concerning the individual and to have incomplete Personal Information completed, including by means of providing a supplementary statement.

Right to Restrict Processing

Individuals have the right to require an organization to restrict the processing of their Personal Information.

Right of Data Portability

Individuals have a right to receive a copy of their Personal Information in a portable and readily usable (structured, commonly used, and machine-readable) format that can be transmitted to certain third parties without hindrance.

Right to Object or Opt-out

Individuals can request an organization to stop processing and/or selling (if applicable) their Personal Information.

Right to Withdraw Consent

Individuals have the right to withdraw their consent to the processing of their Personal Information at any time when the processing is based on the individual’s consent. Withdrawal of consent does not affect processing that occurred prior to such withdrawal (it only has future effect).

Right to Erasure or Deletion

Individuals can request the deletion of their Personal Information collected or maintained by an organization.

Right to Non-discrimination

An organization cannot discriminate against an Individual because of the exercise of their legal rights with respect to their Personal Information.

Right to not be Subject to Automated Decision Making

Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, if such processing has a legal effect or otherwise significantly affects the individual.

Right to Lodge a Complaint

If you are located in the European Union (EU), European Economic Area (EEA), or the United Kingdom, you have the right to lodge a complaint with a supervisory authority in relation to the processing of your Personal Information.

Additional Information Regarding the Right to Know and the Right to Opt-out

EBSCO Information Services does not and will not sell Personal Information to third parties for a business or commercial purpose and has not sold Personal Information to third parties for a business or commercial purpose during the preceding 12 months or at any other time. Likewise, we do not and will not sell Personal Information of minors under 16 years of age without affirmative authorization and have not sold Personal Information of minors under 16 years of age during the preceding 12 months or at any other time.

We disclose, and have disclosed during the preceding 12-month period, the following categories of personal information to third parties for a business or commercial purpose:

Categories of Personal Information Disclosed

Personal Identifiers

Other Personal Information Categories

Commercial Information

Internet or Other Electronic Network Activity Information

Geolocation data

Education Information

Additional Information Regarding the Right to Object

If we process your Personal Information based on our legitimate interests, you can object to this processing in certain circumstances. In such cases, we will cease processing your Personal Information unless we have compelling legitimate grounds to continue processing or where it is needed for compliance and/or legal reasons. Where we use your Personal Information for direct marketing purposes, you can always object or opt-out by using the unsubscribe link in such communications or by submitting a request using any of the methods provided below.

G. How Can I Exercise My Rights?

We want to assure you that you can exercise any legal rights that you have with respect to your Personal Information. Upon request, we will tell you whether or not we have collected or processed any of your Personal Information.

If you would like to manage, change, limit, or delete your Personal Information, you can do so through your account settings within the Services or by submitting a request using any of the methods provided below.

To exercise any other legal rights with respect to your Personal Information, you may submit a request using any of the methods provided below.

We will respond to your request as soon as reasonably possible, but no later than the legally required timeframe.

To exercise your rights (or to ask us questions about this Privacy Policy or our privacy practices), you can submit a request using any of the methods below:

  1. Via Web: Please click here. (This hyperlink will redirect to our privacy management platform provided by our vendor, OneTrust, Inc.)
  2. Via Toll-Free Telephone: 1-833-705-0124
  3. Via Mail: EBSCO Information Services
    5724 Highway 280 E
    Birmingham, AL 35242, USA
    Attn: Data Privacy Officer, Legal Department
  4. Via Email: [email protected]

Verification of Requests

All requests submitted to us will be verified to ensure that the person making the request (the “Requstor”) is the individual about whom we have collected Personal Information. The method we use to verify the Requestor’s identity may vary based on the type of customer or user, the Services used, and the type of Personal Information we have collected. In most cases, we will require the Requestor to provide the following information when submitting a request:

We will use this identifying information to communicate with the Requestor and receive confirmation that they submitted the request, and then match this identifying information with the Personal Information we already maintain. We may also use the contact information that we already maintain to communicate with the individual to confirm that they submitted the request. In rare cases, we may ask for additional information to verify the request, which may include a signed declaration under penalty of perjury that the Requestor is the individual whose Personal Information is the subject of the request.

If the Requestor submits a request to delete Personal Information, we will separately confirm that the individual wants their Personal Information deleted.

We may deny a request if we cannot verify the identity of the Requestor to a reasonable degree of certainty or a reasonably high degree of certainty (depending on the type of request, the sensitivity of the Personal Information, and the risk of harm to the individual posed by a unauthorized request) or, in the case of a request to delete Personal Information, we may deny a request if we are not able to separately confirm that the individual wants their Personal Information deleted.

Authorized Agent

If you use an authorized agent to submit a request, we will require that you:

The above authorized agent requirements do not apply if you have provided the authorized agent with legally binding power of attorney in accordance with applicable law.

We may deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

H. What Choices Do I Have?

We understand that you may not want to allow our disclosure of your Personal Information to our Service Providers, or to let us use that information for purposes that you believe may be incompatible with the purpose for which it originally was collected or that you later may authorize. Therefore, you may contact us to inform us that you do not want to permit these uses of your Personal Information. To do so, please contact us using the contact information provided above.

It is important to us that the Personal Information we collect is appropriate and relevant to the purposes for which we intend to use it. We will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the person providing the information. EBSCO Information Services will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current.

You may sign-up to receive email newsletters or other marketing materials from us. If you would like to discontinue receiving this information, you may immediately update your email preferences free of cost by using the “Unsubscribe” link found in emails we send to you or through your account settings within the Services or by submitting a request using any of the methods provided above.

I. Collection and Use of Information from Children: Information for Parents

Most of our Services are not directed toward children. For our Services that are designed to be used by children under 16 years of age, we comply with the provisions of the Children's On-Line Privacy Protection Act ("COPPA") and other applicable laws. If a user under 16 years of age wants to use our personalization features, we ask the user to register with their first name (not considered personal information by the US Federal Trade Commission) and a unique identifier only.

To the extent we collect any information of minors under 16 years of age that is considered personal information under any applicable law, we do not and will not sell such information without affirmative authorization and have not sold such information during the preceding 12 months or at any other time.

If you are a parent and have questions about our practices, please feel free to contact us using the contact information provided above.

J. How Long Do We Retain This Information?

We retain Personal Information we collect from you where we have an ongoing legitimate business interest or other legal need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

When we have no further legitimate business interest or legal need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF and Swiss-U.S. Data Privacy Framework

EBSCO Industries, Inc. and its subsidiaries EBSCO International, Inc., EBSCO Publishing, Inc. dba EBSCO Information Services, DynaMed, LLC, and Yankee Book Peddler, Inc. dba GOBI Library Solutions from EBSCO (collectively, the “EBSCO Covered Entities”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

The EBSCO Covered Entities have certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) and the UK Extension to the EU-U.S. DPF with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. The EBSCO Covered Entities have certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The EBSCO Covered Entities are responsible for the processing of personal data it receives, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. The EBSCO Covered Entities comply with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over the EBSCO Covered Entities’ compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF. In certain situations, the EBSCO Covered Entities may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, the EBSCO Covered Entities commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. EU, EEA, and Swiss individuals with inquiries or complaints may contact the EBSCO Covered Entities by mail at 5724 Highway 280 E, Birmingham, AL 35242 USA, Attn: Data Privacy Officer or by email at [email protected]. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

Questions

If you have any questions, comments, or concerns regarding this Privacy Policy or our practices, please use the contact information found at that page or provided above.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Changes to Privacy Policy

We will notify you of changes to this Privacy Policy by posting an updated policy on this page. You acknowledge that any use of our Services is based on this Privacy Policy, current at the time of use. If we make any material changes, we will notify you by email notification or a notice via the Services (such as a banner or pop-up) prior to the changes becoming effective and provide you with the ability to consent to these changes (such as an "I agree" or "OK" button, or a prominent statement indicating the changes are in effect and continued use of the Services signifies consent). We encourage you to periodically review this page for the latest information on our privacy practices.

Miscellaneous

This Privacy Policy does not apply to information collected by LearningExpress, LLC. To learn more about the information practices of LearningExpress, LLC, please visit its website, www.learningexpresshub.com.

Alternative Format / Accessibility: To access this Privacy Policy in an alternative format, click here to download a PDF version. If you have accessibility questions, please contact [email protected].

Do Not Track Signals: EBSCO Information Services does not recognize automated browser signals regarding tracking mechanisms, which may include ‘do not track’ instructions.

Data Protection Representatives

Data Protection Representative

Country of Business Registration

EBSCO International, Inc.

United Kingdom and Sweden

EBSCO Information Services SAS

France

EBSCO GmbH

Austria

EBSCO Information Services GmbH

Germany

EBSCO Information Services B.V.

Netherlands

EBSCO Information Services S.r.l.

Italy

EBSCO Subscription Services Espana S.L.U.

Spain

EBSCO Information Services s.r.o.

Czech Republic

EBSCO Sp. z.o.o

Poland

EIS WEBSITE PRIVACY POLICY

LAST UPDATED: February 23, 2024
Download PDF

This EIS Website Privacy Policy sets forth the privacy practices in effect at EBSCO Information Services’ marketing and general audience websites (collectively, the “Websites”) and information gathered when you initiate requests for information regarding our products or services, including:

What Information is Collected and How is it Used?

  1. What Information Do We Collect?
    1. Personal Information
    2. Non-Personal Information
    3. Note About HIPAA Compliance
  2. How Do We Collect the Information?
    1. Cookies and Similar Technologies
  3. How Do We Use the Information?
  4. What is Our Legal Basis for Collecting and Using Personal Information?
  5. How Do We Secure Personal Information?
  6. What Are My Rights?
  7. How Can I Exercise My Rights?
  8. What Choices Do I Have?
  9. Collection and Use of Information from Children: Information for Parents
  10. How Long Do We Retain This Information?

EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF and Swiss-U.S. Data Privacy Framework

Questions

Changes to Privacy Policy

Miscellaneous

The Websites do not include those sites which host our products, services, software, and mobile applications, which are governed by their own privacy policies.

This Privacy Policy applies to the following entities (collectively, “EBSCO Information Services” or “we” or “us” or “our”):

*For a list of Data Protection Representatives see the table at the end of this Privacy Policy.

EBSCO Information Services respects the privacy of its users and we are committed to protecting our users’ privacy through our compliance with this Privacy Policy.

EBSCO Information Services wants you to have a positive experience at our Websites. Our goal is to provide you with an experience that delivers the information, resources and services that are helpful to you. In order to achieve this goal, we may collect information from you. This Privacy Policy describes our information collection practices and the privacy principles we follow.

To exercise your privacy rights or to ask us questions about this Privacy Policy or our privacy practices, you can submit a request by contacting us using any of the methods provided in the “How Can I Exercise My Rights?” section of this Privacy Policy.

What Information Is Collected and How is it Used?

[Information about children's data and our Websites can be found at Section I of this Policy]

A. What Information Do We Collect?

1. Personal Information: EBSCO Information Services collects, and has collected during the preceding 12-month period, the following categories of personal information (information that identifies you as an individual or relates to an identifiable individual) (collectively, “Personal Information”):

Category of Personal Information Collected

Categories of Sources from Which Personal Information is Collected

Business or Commercial Purpose(s) for Which Personal Information is Collected

Categories of Third Parties with Whom Personal Information is Shared

Personal Identifiers

  • Individuals
  • Customers
  • Data resellers (attendee lists and business prospect lists)
  • Sales
  • Products and services information and awareness
  • Business partners
  • Service Providers (operating systems and platforms; communication providers; data analytics providers)

Other Personal Information Categories

  • Individuals
  • Customers
  • Data resellers (attendee lists and business prospect lists)
  • Sales
  • Products and services information and awareness
  • Payment processing
  • Business partners
  • Service Providers (payment processors)

Internet or Other Electronic Network Activity Information

  • Individuals
  • Service Providers (operating systems; other information technology systems; data analytics providers)
  • Delivery, operation, and security of our Websites
  • Analytics
  • Improving the user experience
  • Sales
  • Products and services information and awareness
  • Service Providers (data analytics providers; internet service providers; operating systems and platforms; advertising networks; social networks)

Geolocation Data

  • Individuals (user’s device)
  • Service Providers (data analytics providers; internet service providers; operating systems and platforms)
  • Website performance
  • Location-based sales
  • Service Providers (data analytics providers; internet service providers; operating systems and platforms)

If you submit any Personal Information relating to other individuals to us or to our service providers, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

2. Non-Personal Information: EBSCO Information Services collects information that does not directly reveal your identity or does not directly relate to an identifiable individual. This may include a unique identifier (unconnected to an individual’s Personal Information) and related analytics and usage information that we use to track usage of our Websites, track trends in our Websites, administer the Websites, and improve our users’ experience.

3. Note About HIPAA Compliance: Certain products and services made available by DynaMed, LLC (“HIPAA-compliant Services”) are designed and intended to collect or process protected health information on behalf of covered entities, and are subject to the requirements of the Health Insurance Portability and Accountability Act of 1996, and its associated regulations (HIPAA). This Privacy Policy does not apply to, or restrict our handling of protected health information that may be processed by any HIPAA-compliant Services that you are using. Instead, our handling of protected health information is governed by a separate agreement, including a business associate agreement between us and the customer that has licensed the HIPAA-compliant Services. The terms “protected health information”, “covered entities” and “business associate agreement” used in this section have the same meaning as provided in HIPAA.

B. How Do We Collect the Information?

The categories of sources from which we collect Personal Information are described in the table above.

We only collect and use Personal Information when you voluntarily provide it to us, with the exception of your IP address, geolocation, and certain device information which may be automatically captured when you access our Websites. Please refer to your device’s settings to control the collection and sharing of your geolocation data with us.

Under limited circumstances, we also collect limited business contact information from legitimate third parties (for example, third parties that provide attendee lists or business prospect lists). This helps us to update or expand our records. If you provide us Personal Information about others, or if others give us your Personal Information, we will only use that information for the specific reason for which it was provided to us. Examples of the types of Personal Information that may be obtained from public sources or purchased from third parties and combined with information we already have about you, may include name, email address, job title, and company/institution affiliation.

In order to use some portions of our Websites, a user must first complete a registration form or provide an e-mail address that will require the user’s disclosure of limited Personal Information. Such disclosure is strictly voluntary.

Because of how email communication works, you will have to disclose an email address to us if you choose to contact us or communicate with us by email.

We automatically collect non-Personal Information generated from your use of our Websites. We use this non-Personal Information in the aggregate. We do not combine these types of non-Personal Information with Personal Information.

Cookies and Similar Technologies: For information about the cookies and other tracking technologies used by our Websites and how to manage your settings for these cookies and technologies, please visit our Cookie Policy.

Social Media Features: Our Websites may use social media features, such as the Facebook ‘like’ button (“Social Media Features”). These features may collect your IP address and which page you are visiting on our Websites, and may set a cookie to enable the feature to function properly. You may be given the option by such Social Media Features to post information about your activities on our Websites to a profile page of yours that is provided by a third-party Social Media network in order to share with others within your network. Social Media Features are either hosted by a third party or hosted directly on the Websites. Your interactions with these features are governed by the privacy policy of the company providing the relevant Social Media Features.

C. How Do We Use the Information?

The business or commercial purpose(s) for which Personal Information is collected is described in the table above.

We use the Personal Information we collect for limited internal purposes that may include, but are not limited to, processing your transactions, establishing and/or verifying a person’s or account holder’s identity, customer service, improving and customizing our Websites and their content, development of products and services, content processing, content classification, and providing you with information concerning our products and services. We will retain this information for as long as it is needed for the purposes for which it was collected, and/or to comply with our legal obligations, resolve disputes, and enforce our agreements.

We use the non-Personal Information we collect to administer the Websites, perform diagnostics, collect content-specific usage statistics, protect the Websites and their content from inappropriate use, and improve the user's experience.

We may use the Personal Information and non-Personal Information we collect by sharing it with third party agents, vendors, contractors, partners, or content providers of EBSCO Information Services (collectively, "Service Providers") for purposes of managing purchases of our products and services, servicing our systems, and obtaining support services for our businesses. We are not in the business of selling Personal Information to third parties or Service Providers and will share it with Service Providers only as we describe in this Privacy Policy. In situations where we share Personal Information with Service Providers, we ensure access is granted to the Service Providers only upon the condition that the Personal Information is kept confidential and is used only for carrying out the services these Service Providers are performing for EBSCO Information Services. As part of making that determination whether we will share Personal Information with Service Providers, we will obtain assurances that they will appropriately protect and maintain the confidentiality of Personal Information consistent with this Privacy Policy and as required by applicable law.

The Personal Information we collect from you may be transferred to, and processed in, countries other than the country in which you live. These countries may have data protection laws that are different than the laws of your country. Specifically, the servers we use to provide our Services are located in the United States. This means that when we collect your Personal Information, we may process it in the United States or the country where you live. However, when we process your Personal Information, irrelevant of its processing location, we take appropriate measures, as discussed below, to ensure that your Personal Information remains protected in accordance with this Privacy Policy.

We may share your usage data related to our Websites with our affiliates and certain Service Providers for purposes of providing or improving our Websites. We will not disclose any information about your usage data related to our Websites to unaffiliated third-parties, except as necessary to enhance the website experience, to enforce the terms of use, or as required by law.

We also reserve the right to disclose your Personal Information if we are required to do so by law, or in the good faith belief that disclosure of the information is reasonably necessary to comply with legal process, and to the extent permitted by local law, to respond to claims, or to protect or advance the rights, property, safety, or well-being of our company, our employees, customers, or the public.

We will not use your Personal Information for automated-decision making.

In the unlikely event that all or substantially all of the assets of EBSCO Information Services or any of its applicable subsidiaries are acquired, customer information, which may include Personal Information, may be one of the transferred assets unless restricted by applicable local law, in which case the acquiring entity will be subject to the same commitments for such customer information.

D. What is Our Legal Basis for Collecting and Using Personal Information?

Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.

However, we will normally collect Personal Information from you only:

In some cases, we may also have a legal obligation to collect Personal Information from you or may otherwise need the Personal Information to protect your vital interests or those of another person.

If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible impact if you do not provide your Personal Information).

Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact information provided below.

E. How Do We Secure Personal Information?

EBSCO Information Services has taken appropriate technical and organizational measures to ensure that Personal Information we have collected or will collect in the future is secure. For example, we have limited the number of people who have access to Personal Information, by electronic security systems and authentication methods that guard against unauthorized access.

As a reminder, EBSCO Information Services provides links to third-party websites. These websites may not have the same privacy policies as EBSCO Information Services. We take reasonable care in recommending these websites, but we are not responsible for their content or privacy policies. We urge users to read the privacy statement of a third-party website when leaving our Websites and linking to a third-party website.

We always use industry-standard technologies when transferring and receiving consumer data we receive. We have appropriate security measures in place in our physical facilities to protect against the loss, misuse, or alteration of information that we have collected from you in connection with our Websites.

F. What Are My Rights?

Depending on your country or state of residency, you may have legal rights with respect to your Personal Information, including one or more of the following (each of which may be subject to certain exceptions that will be analyzed on a case-by-case basis):

Right to be Informed

An organization must provide certain information to individuals when collecting and processing their Personal Information.

Right of Access / Right to Know

Individuals have a right to obtain confirmation as to whether or not their Personal Information is being collected and/or processed. Individuals also have a right to request that an organization disclose the Personal Information it collects, uses, discloses, sells, and/or otherwise processes.

Right to Rectification

Individuals have the right to require an organization to correct inaccurate Personal Information concerning the individual and to have incomplete Personal Information completed, including by means of providing a supplementary statement.

Right to Restrict Processing

Individuals have the right to require an organization to restrict the processing of their Personal Information.

Right of Data Portability

Individuals have a right to receive a copy of their Personal Information in a portable and readily usable (structured, commonly used, and machine-readable) format that can be transmitted to certain third parties without hindrance.

Right to Object or Opt-out

Individuals can request an organization to stop processing and/or selling (if applicable) their Personal Information.

Right to Withdraw Consent

Individuals have the right to withdraw their consent to the processing of their Personal Information at any time when the processing is based on the individual’s consent. Withdrawal of consent does not affect processing that occurred prior to such withdrawal (it only has future effect).

Right to Erasure or Deletion

Individuals can request the deletion of their Personal Information collected or maintained by an organization.

Right to Non-discrimination

An organization cannot discriminate against an Individual because of the exercise of their legal rights with respect to their Personal Information.

Right to not be Subject to Automated Decision Making

Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, if such processing has a legal effect or otherwise significantly affects the individual.

Right to Lodge a Complaint

If you are located in the European Union (EU), European Economic Area (EEA), or the United Kingdom, you have the right to lodge a complaint with a supervisory authority in relation to the processing of your Personal Information.

Additional Information Regarding the Right to Know and the Right to Opt-out

EBSCO Information Services does not and will not sell Personal Information to third parties for a business or commercial purpose and has not sold Personal Information to third parties for a business or commercial purpose during the preceding 12 months or at any other time. Likewise, we do not and will not sell Personal Information of minors under 16 years of age without affirmative authorization and have not sold Personal Information of minors under 16 years of age during the preceding 12 months or at any other time.

We disclose, and have disclosed during the preceding 12-month period, the following categories of personal information to third parties for a business or commercial purpose:

Categories of Personal Information Disclosed

Personal Identifiers

Other Personal Information Categories

Internet or Other Electronic Network Activity Information

Geolocation data

Additional Information Regarding the Right to Object

If we process your Personal Information based on our legitimate interests, you can object to this processing in certain circumstances. In such cases, we will cease processing your Personal Information unless we have compelling legitimate grounds to continue processing or where it is needed for compliance and/or legal reasons. Where we use your Personal Information for direct marketing purposes, you can always object or opt-out by using the unsubscribe link in such communications or by submitting a request using any of the methods provided below.

G. How Can I Exercise My Rights?

We want to assure you that you can exercise any legal rights that you have with respect to your Personal Information. Upon request, we will tell you whether or not we have collected or processed any of your Personal Information.

If you would like to manage, change, limit, or delete your Personal Information, you can do so through your account settings on our Websites (if applicable) or by submitting a request using any of the methods provided below.

To exercise any other legal rights with respect to your Personal Information, you may submit a request using any of the methods provided below.

We will respond to your request as soon as reasonably possible, but no later than the legally required timeframe.

To exercise your rights (or to ask us questions about this Privacy Policy or our data practices), you can submit a request using any of the methods below:

  1. Via Web: Please click here (This hyperlink will redirect to our privacy management platform provided by our vendor, OneTrust, Inc.)
  2. Via Toll-Free Telephone: 1-833-705-0124
  3. Via Mail: EBSCO Information Services
    5724 Highway 280 E
    Birmingham, AL 35242, USA
    Attn: Data Privacy Officer, Legal Department
  4. Via Email: [email protected]

Verification of Requests

All requests submitted to us will be verified to ensure that the person making the request (the “Requstor”) is the individual about whom we have collected Personal Information. The method we use to verify the Requestor’s identity may vary based on the type of customer or user, the Websites used, and the type of Personal Information we have collected. In most cases, we will require the Requestor to provide the following information when submitting a request:

We will use this identifying information to communicate with the Requestor and receive confirmation that they submitted the request, and then match this identifying information with the Personal Information we already maintain. We may also use the contact information that we already maintain to communicate with the individual to confirm that they submitted the request. In rare cases, we may ask for additional information to verify the request, which may include a signed declaration under penalty of perjury that the Requestor is the individual whose Personal Information is the subject of the request.

If the Requestor submits a request to delete Personal Information, we will separately confirm that the individual wants their Personal Information deleted.

We may deny a request if we cannot verify the identity of the Requestor to a reasonable degree of certainty or a reasonably high degree of certainty (depending on the type of request, the sensitivity of the Personal Information, and the risk of harm to the individual posed by a unauthorized request) or, in the case of a request to delete Personal Information, we may deny a request if we are not able to separately confirm that the individual wants their Personal Information deleted..

Authorized Agent

If you use an authorized agent to submit a request, we will require that you:

The above authorized agent requirements do not apply if you have provided the authorized agent with legally binding power of attorney in accordance with applicable law.

We may deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

H. What Choices Do I Have?

We understand that you may not want to allow our disclosure of your Personal Information to our Service Providers, or to let us use that information for purposes that you believe may be incompatible with the purpose for which it originally was collected (as permitted by this Privacy Policy) or that you later may authorize. Therefore, you may contact us to inform us that you do not want to permit these uses of your Personal Information. To do so, please contact us using the contact information provided above.

It is important to us that the Personal Information we collect is appropriate and relevant to the purposes for which we intend to use it. We will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the person providing the information. EBSCO Information Services will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current.

You may sign-up to receive email newsletters or other marketing materials from us. If you would like to discontinue receiving this information, you may immediately update your email preferences free of cost by using the “Unsubscribe” link found in emails we send to you or through your account settings on our Websites or by submitting a request using any of the methods provided above.

I. Collection and Use of Information from Children: Information for Parents

Our Websites are not intended for children under 16 years of age. No one under 16 years of age may provide any Personal Information to or on the Websites. We do not knowingly collect Personal Information from children under 16 years of age. If you are under 16 years of age, do not use or provide any information on our Websites or on or through any of their features. If we learn we have collected or received Personal Information from a child under 16 years of age without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16 years of age, please contact us using the contact information provided above.

To the extent we collect any information of minors under 16 years of age that is considered personal information under any applicable law, we do not and will not sell such information without affirmative authorization and have not sold such information during the preceding 12 months or at any other time.

If you are a parent and have questions about our practices, please feel free to contact us using the contact information provided above.

J. How Long Do We Retain This Information?

We retain Personal Information we collect from you where we have an ongoing legitimate business interest or other legal need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

When we have no further legitimate business interest or legal need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF and Swiss-U.S. Data Privacy Framework

EBSCO Industries, Inc. and its subsidiaries EBSCO International, Inc., EBSCO Publishing, Inc. dba EBSCO Information Services, DynaMed, LLC, and Yankee Book Peddler, Inc. dba GOBI Library Solutions from EBSCO (collectively, the “EBSCO Covered Entities”) comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

The EBSCO Covered Entities have certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) and the UK Extension to the EU-U.S. DPF with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. The EBSCO Covered Entities have certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The EBSCO Covered Entities are responsible for the processing of personal data it receives, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. The EBSCO Covered Entities comply with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over the EBSCO Covered Entities’ compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF. In certain situations, the EBSCO Covered Entities may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, the EBSCO Covered Entities commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. EU, EEA, and Swiss individuals with inquiries or complaints may contact the EBSCO Covered Entities by mail at 5724 Highway 280 E, Birmingham, AL 35242 USA, Attn: Data Privacy Officer or by email at [email protected]. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

Questions

If you have any questions, comments, or concerns regarding this Privacy Policy or our practices, please contact us using the contact information provided above.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Changes to Privacy Policy

We will notify you of changes to this Privacy Policy by posting an updated policy on this page. You agree that any use of the Websites is based on this Privacy Policy, current at the time of use. If we make any material changes, we will notify you by means of a notice on our Websites (such as a banner or pop-up) prior to the changes becoming effective and provide you with the ability to consent to these changes (such as an "I agree" or "OK" button, or a prominent statement indicating the changes are in effect and continued use of the Websites signifies consent). We encourage you to periodically review this page for the latest information on our privacy practices.

Miscellaneous

This Privacy Policy does not apply to information collected by LearningExpress, LLC. To learn more about the information practices of LearningExpress, LLC, please visit its website, www.learningexpresshub.com.

Alternative Format / Accessibility: To access this Privacy Policy in an alternative format, click here to download a PDF version. If you have accessibility questions, please contact [email protected].

Do Not Track Signals: EBSCO Information Services does not recognize automated browser signals regarding tracking mechanisms, which may include ‘do not track’ instructions.

Data Protection Representatives

Data Protection Representative

Country of Business Registration

EBSCO International, Inc.

United Kingdom and Sweden

EBSCO Information Services SAS

France

EBSCO GmbH

Austria

EBSCO Information Services GmbH

Germany

EBSCO Information Services B.V.

Netherlands

EBSCO Information Services S.r.l.

Italy

EBSCO Subscription Services Espana S.L.U.

Spain

EBSCO Information Services s.r.o.

Czech Republic

EBSCO Sp. z.o.o.

Poland