Privacy statement (original) (raw)

OCLC, INC. PRIVACY STATEMENT

Last Updated: 1 September 2021

NOTE THIS PORTION OF THE STATEMENT APPLIES TO OCLC AND ITS WEB-BASED PRODUCTS AND SERVICES. PLEASE SEE BELOW OR CLICK HERE FOR MORE INFORMATION REGARDING PRIVACY PRACTICES RELATING TO HOSTED SERVICES OFFERED THROUGH OCLC INSTITUTION CUSTOMERS.

OCLC is a global library cooperative dedicated to making information more accessible and useful to people around the world, while reducing costs for our member institutions (OCLC's "Customers"). OCLC, Inc. and its worldwide affiliates, including OCLC BV, OCLC (UK) Ltd., OCLC GmbH, OCLC AG, and OCLC S.r.l. (collectively, "OCLC" or "we") are committed to protecting your privacy and encourage you to read this Privacy Statement ("Statement") to understand our data handling practices.

This Statement applies to information we obtain from and about individuals interacting directly with OCLC, including through our websites, products, programs, and services (collectively, the "Services") and otherwise. It does not apply to OCLC employees, information we collect through research studies, or information collected by our institution customers through subscription-based or hosted products and services. For information regarding OCLC's hosted products and services, please see the HOSTED SERVICES section below.

From time to time, we may update this Statement and will update this page and display the date of the last update at the top of the page. We will notify you about changes in the way we treat information by placing notice on our site. We encourage you to periodically check back and review this Statement so that you always know what information we collect, how we use it and with whom we share it.

We are here to help. If you have any questions, please contact us at [email protected].

How Do We Collect Information?

We may collect information from or about you from the following sources:

• From you when you interact with this website and other OCLC-owned websites where this privacy statement is posted (collectively, the "Websites");
• From your other interactions with OCLC, including, but not limited to, information you provide when you interact with OCLC's Services or OCLC customer support, or when you attend an OCLC-sponsored training or event (whether in person or virtually);
• From your computer, device, or web browser, including information collected by automated means or by using technologies such as cookies, web server logs, and web beacons, as is further discussed below;
• From you and/or our member institutions when you interact with OCLC on behalf of an institution or in connection with OCLC membership, including if you represent one of our members as an OCLC Regional or Global Council representative or otherwise participate in OCLC membership opportunities or events;
• From you when you interact with our applicant tracking system or provide information to OCLC in order to receive information about new job postings, make inquiries about job openings, or apply for a position with OCLC (please note, this does not apply to current OCLC employees, who are governed by OCLC’s internal Employee Data Protection Notice);
• From OCLC or third-party sites, including social media sites and sweepstakes microsites, surveys, social media platforms, and promotion entries;
• From third parties that you have authorized to share such information with us;
• If you register for and receive Services through an OCLC-provided user account, we also receive the information you elect to share.

We may also receive information from third-party sources and combine it with information that we receive from the sources described in this Privacy Statement and use it for the purposes identified below.

What Information Do We Collect?

OCLC collects the information described below. When we require certain information from users, it is because such information is relevant for a specified purpose; however, any information you provide to us, that is not identified as required, is voluntary. You are free to choose whether to provide us with the types of information described below, but we may not be able to serve you as effectively, offer you all of our Services, or process your application when you choose not to share certain information with us.

We may collect the following information:

• Contact Information, such as name, address, telephone numbers, and email;
• Account Information, such as username, password, account numbers, and preferences;
• Profile Information, such as photographs, interests and any other information you include;
• Professional Information, such as education, work history, and references;
• Communication Information, such as information contained in communications (e.g., e-mail, telephone, written) we have with you;
• User-Generated Information, such as favorite libraries, saved searches, lists, tags, comments, reviews, and posts;
• Device and Browser Information, such as the IP address of your device and information about the type of device and browser you are using. Some of our services, including WorldCat.org, may also use your IP address to obtain a geolocation for the purpose of providing you the Services (e.g. to display items at nearby libraries);
• Usage Information, such as the web pages you visit, the content you view, and search terms you use;
• Transaction Information, such as billing records, usage records, payments for Services or associated services;
• Social media interactions, such as 'follow', 'like', post to, or interact with, mention or tag to our social media accounts, including Facebook, LinkedIn, Twitter, Pinterest, Instagram, and SnapChat.

We may combine information about you with information from other sources, including third-party and public sources, such as information from member institution(s) with which you are affiliated, if any.

We may also collect additional information from or about you in relation to specific products and services. Please see the specific products and services listed below for additional information.

If you provide us the personal contact information about another person, for example, for providing a reference for a job application, it is your responsibility to ensure that the person is aware and consents to you providing his/her contact information.

How Do We Use Your Information?

We may use your information in a number of ways, including:

• Providing you with Services
• Evaluating, improving, supporting, and updating our Services
• Communicating with you about our Services
• Processing your job application (e.g., match your skills, experience, and education with the specific roles offered by OCLC)
• Communicating with you about the recruiting and hiring process, to set up and conduct interviews and assessments
• Conducting background checks, as required or legally permitted by applicable local law
• Facilitating surveys, promotions, contests, events, and activities
• Facilitating an open forum or review
• Marketing purposes
• Registering an account and authenticating users of our systems
• Operating our websites and customizing the content
• Providing training or other informational materials
• Verifying participation in training courses
• Enabling you to communicate with other member institutions
• Complying with legal obligations, maintaining internal records, and resolving any disputes
• Auditing the use of the Services
• Protecting our rights and property and the rights and property of other users

In some instances, OCLC may combine personal data you have provided to us with information we collect through our websites, and information collected from other sources such as third party social media sites. We process this data to update, expand, and analyze our existing marketing records, identify new customers, create more tailored advertising or website experiences, and send marketing emails.

We may use automated processes to help make advertising more relevant to you.

We may also use your information in an anonymized or aggregate manner.

Legal Basis for Processing

We use this personal information for the legitimate interests identified above, to perform the contracts we enter into with you or with our institution customers and as required by law. If we use consent as the legal basis for processing your information, we will seek separate consent for such use. In the event that OCLC identifies a new purpose outside of the stated purposes listed above, we will update this policy and provide any other notification required by law.

With Whom Do We Share Your Information?

We may share your information with the following categories of recipients:

• Third-party service providers. OCLC contracts with third-party service providers and individuals to perform functions on our behalf. Examples of such third-party service providers include, but are not limited to, event coordinators, vendors that facilitate surveys, webinars, and email marketing communications, payment processors, and analytics providers. Such parties have access to your information as necessary to complete their functions;
• Partner Organizations. If we are collaborating with an identified partner for a particular event, we will share registration information with that collaborating partner. We also share registration information with organizations that have contributed course or webinar content. These organizations are identified in the course catalog;
• Social media platforms. Some of the Services make use of integrated social media functionality that will allow you to easily share certain content on various social media platforms. When you are using a Service that provides integrated social media functionality, information may be shared with those social media platforms, regardless of whether or not you are a registered user of a social media platform. Please refer to the various social media platform privacy statements and terms of service for additional information;
• In connection with membership. We may disclose certain information about individuals affiliated with OCLC member institutions to other member institutions or to regional or global council members to fulfill our obligations with respect to OCLC membership and to allow our OCLC members to take full advantage of membership;
• In connection with job applications. We may share your personal information with authorized OCLC corporate personnel and subsidiary human resources personnel as needed, as well as third parties who are acting on OCLC’s behalf, namely those who (i) perform recruiting services, such as employment reference checks, interview scheduling, application tracking, and employment screenings; and (ii) provide IT services, such as hosting and cloud providers;
• Compliance with legal obligations. We may disclose your information, at our discretion and without prior notice, to law enforcement or other public authorities in order to comply with a law, regulation, investigation, valid legal process, or other similar requests;
• Protection of OCLC and others. We may disclose your information for purposes of fraud detection and prevention, to enforce or apply our Terms of Use and other agreements, or to protect the rights, property and safety of OCLC, you, or others;
• Business transactions. In the event of a merger, acquisition, bankruptcy, re-organization, consolidation, sale of assets, or other business transaction, OCLC may disclose or transfer your information;
• OCLC affiliate entities. We may share your information among OCLC affiliates for the purposes set forth herein;
• General public and other members. We allow you to post on public parts of our Services, such as through WorldCat.org and the OCLC Community Center. Please be aware that any information you post on a public forum, such as public content on WorldCat.org or Community Center, will be available to the public in real time. You may also choose to make certain portions of your profile information public or private through "My Profile" functionalities with certain Services. The portions of your profile you make public will be available to other uses of that Service (for example users of WorldCat.org or WebJunction); and
• State library agencies. For certain OCLC Services (e.g. WebJunction), we share registration information with supporting state library agencies for continuing education purposes.

These third parties are not authorized to use or disclose the information except as necessary to perform services on our behalf pursuant to a contractual obligation or to comply with legal requirements. OCLC requires such third parties to comply with applicable data protection laws and regulations and to agree to implement and maintain appropriate technical and organizational security measures to safeguard your personal information.

Cookies and Other Tracking Technologies

For information about how OCLC uses cookies and other tracking technologies and behavioral advertising click here.

External Links

The Websites contain links to other sites. Such links do not imply OCLC's endorsement or guarantee of the products, information or recommendations provided by any third party. Please be aware that OCLC is not responsible for the privacy practices of such third party sites or applications. We encourage you to read the privacy statements of each and every site or application that collects your information. This Statement applies solely to information collected through OCLC Services.

Third party social plugins

Our Services may have integrated third party social plugins, and the use of such plugins results in collection of data by OCLC and could result in the relevant third party recording your interactions, too. For example, if you share our posts, a third-party plugin could result in the third party collecting information about your access of our Services.

Security

We have taken reasonable steps to ensure the protection of your information, and to prevent the loss, misuse, or alteration of that information. We use reasonable security procedures to protect against unauthorized or unlawful access, processing, disclosure, alteration, destruction or accidental loss of your personal data. We limit access to and use of your personal data to authorized persons and trusted third parties who have a reasonable need to know the information in order to perform our business operations and who are bound by confidentiality obligations.

You are also responsible for the security of your account. For example, your password is a component of our security system, and, as such, it is your responsibility to protect it. Do not share your password with any third parties. If your password is compromised, you should change it immediately and contact us.

Retention of Data

We will keep your information as reasonably necessary to fulfill the purposes for which information is collected as stated herein; for as long as is necessary for the performance of the contract between you and us, if any; and to comply with applicable legal, statutory, or regulatory obligations to maintain the data. For example, where required by law for tax, trade and corporate requirements, agreements, or disputes.

When we no longer need your information for our purposes or legal obligations, we will destroy, delete or erase that information or convert it into an anonymous form.

Children

We understand the importance of taking precautions to protect the privacy and safety of children using our Services. Our Services are not intended for children under the age of 13.

If we learn that we have collected the information of a child under 13, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information from our records. Please notify us if you know we have collected information of a child under 13 so we can delete the information.

Your Choices

How to Opt-Out of Marketing

To opt-out of receiving promotional email messages from us, please email us at [email protected] with your request.

Access Rights to Information

If you have questions about the information collected about you, would like to update or make changes to your information, or are concerned that your information is inaccurate or incomplete, please contact [email protected]. We will respond to reasonable requests.

Please note, any information you have publicly posted, such as comments on the OCLC Community Center, may continue to be publicly available even after your account is terminated. In addition, public sites, such as Community Center, are indexed by search engines and may be published as search results. OCLC does not control the practices of third-party search engines.

California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020

The California Consumer Privacy Act of 2018 ("CCPA") and the California Privacy Rights Act of 2020 (“CPRA”) do not apply to OCLC. OCLC is not a business or a service provider (as those terms are defined by the CCPA and CPRA). OCLC, Inc. is a nonprofit without shareholders or other owners. Its worldwide affiliates do not do business in California or act as a service provider of a business.

International Users

OCLC is a global organization and may transfer, store, use and process your personal information in countries outside of the country of your residence, including in the United States and other countries where OCLC affiliates operate.

If information is transferred from within the European Economic Area ("EEA") or the United Kingdom (“UK”) to a jurisdiction outside of the EEA/UK, OCLC has Standard Contractual Clauses (including, Standard Contractual Clauses, as applicable and approved by the UK Secretary of State) in place to ensure that such personal information has the required protection under European Union ("EU")/ UK and other EEA countries' data protection laws. Please contact us if you would like to obtain a copy of OCLC's Standard Contractual Clauses.

The following safeguards and rights also apply to the collection, use, and disclosure (Processing) of Personal Data from the EEA/UK. All capitalized terms in the EU/UK Rights Section below are defined in accordance with the EU General Data Protection Regulation 2016/679 including as amended and incorporated into UK law. To exercise any of these rights, please contact [email protected] or use the information provided in the next section under "Contact".

Your EU/UK Privacy Rights

Subject to certain exceptions and limitations, Data Subjects in the EU/UK have the following rights:

Access

You have the right to obtain from us confirmation if your Personal Data is being Processed, certain information about the Processing and a copy of your Personal Data.

Rectification

You have the right to request the rectification of inaccurate Personal Data and to have incomplete data completed.

Objection

You have the right, when we Process Personal Data on the grounds of legitimate interests, to object to the Processing of your Personal Data relating to your particular situation, except in cases where legal provisions expressly provide for that Processing. In addition, you have the right to object at any time where your Personal Data is Processed for direct marketing purposes.

Portability

You may receive Personal Data that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit it to other Data Controllers. This right only exists if the Processing is based on your consent or a contract and the Processing is carried out by automated means.

Restriction

You may request to restrict Processing of your Personal Data if (i) you contest the accuracy of it – for a period we need to verify your request; (ii) the Processing is unlawful and you oppose the erasure of it and request restriction instead; (iii) we no longer need it, but you tell us you need it to establish, exercise or defend a legal claim; or (iv) you object to Processing based on public or legitimate interest – for a period we need to verify your request.

Erasure

You may request to erase your Personal Data if it is no longer necessary for the purposes for which we have collected it, you have withdrawn your consent and no other legal ground for the Processing exists, you objected and no overriding legitimate grounds for the Processing exist, the Processing is unlawful, or erasure is required to comply with a legal obligation.

Right to lodge a complaint

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence or UK, or the location where the issue that is the subject of the complaint occurred.

Right to refuse or withdraw consent

Please note that in case we ask for your consent to certain Processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences. The lawfulness of any Processing of your Personal Data that occurred prior to the withdrawal of your consent will not be affected.

Contact

If you have any questions regarding our policies, please contact [email protected] or write to:

OCLC, Inc.
ATTN: Legal/Privacy Officer
6565 Kilgour Place
Dublin, Ohio 43017-3395
USA

EU/UK users can contact our Data Protection Officer at:

[email protected]

or write to:
OCLC, Inc.
ATTN: Data Protection Officer
6565 Kilgour Place
Dublin, Ohio 43017-3395
USA

Hosted Products and Services

If you make use of an OCLC product or service provided through one of our member institutions (OCLC's Customers) as a subscription or hosted service (the "Hosted Services"), please refer to your institution's privacy statement for information about how the institution collects, uses and shares your information.

Please keep in mind that our products are customizable. Each member institution may choose which Hosted Services (or portions thereof) it uses, what data it collects, and how that data is used and shared. Please refer to your institution's privacy statement for information specific to your institution.

As a service provider to our Customers, OCLC may receive information from or about you when a Customer with which you are interacting provides services to or for you using one of OCLC's Hosted Services. We use this information to provide the Hosted Services requested.

In addition, our Customers allow us to track certain usage data regarding the Hosted Services. We collect and use this data for our own product improvement purposes. We also monitor our Hosted Services to detect fraud and for other security purposes, and also for purposes of documenting uptime requirements with our Customers.

Our Hosted Services include: Integrated Library Systems, such as the WorldShare Management Services (WMS) suite of products, OLIB, LBS, and Bibliotheca; Identify Management Systems, such as AUTHOS and ELDAP; Interlibrary Loan Products, such as WorldShare Interlibrary Loan, Tipasa, and ILLiad; Discovery products, such as WorldCat Local, WorldCat Discovery, and FirstSearch; and a variety of other Hosted Services, such as EZproxy, CONTENTdm, and Wise. This is a list of examples of Hosted Services, which is subject to change.