This Policy does not apply to installable desktop software.
We collect information about you that can be used to identify you (“Personal Information”). Depending on the Service we are providing, we may collect Personal Information from you in a number of ways. In most cases, we will collect Personal Information only when our Customer provides the information to us or provides us with access to such Personal Information. If you have questions about Customer control in relation to the Services, please contact the Customer who provided you with access to the Service. In other cases, we collect Personal Information independent of our Customers. Personal Information can include, but is not limited to, the following categories of information:
We also receive Personal Information about you from other sources, including third parties who share your Personal Information with us, and combine this data with Personal Information we already have about you. This helps us to properly support integrations between our Services and the services of a third party for our Customers and allows us to improve our existing Services, develop new Services, and engage in analytics. If you provide us with Personal Information about others, or if others give us your Personal Information, we will only use that information for the specific reason it was provided to us. Examples of the types of information that may be obtained from third parties and combined with Personal Information we already have about you may include:
In our capacity as a processor for our Customers, we may also collect from you the following Personal Information about your contacts:
When you provide Personal Information about your contacts, we will only process this information in accordance with the specific reason for which it was provided and as part of the Services we provide to our Customers. If you believe that one of your contacts has provided your Personal Information and you would like to request that it be removed, please contact our Customer, the data controller. Upon their request to us, we may remove the Personal Information accordingly.
In addition to Personal Information identified above, we also collect other Personal Information automatically in connection with our browser-based Services. This information may include InternetProtocol (IP) addresses, browser type, Internet Service Providers (ISP), referring/exit pages, the files viewed (e.g. HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer our Services.
The Services may also enable third-party tracking mechanisms to collect information over time and across unaffiliated websites for use in online behavioral advertising. For example, third parties may use the fact that you visited a browser-based Service to target online ads for our Services to you on other websites. In addition, our third-party advertising partners may use information about your use of the browser-based Services to help target other companies’ advertisements based on your online behavior in general. For information about behavioral advertising practices, including privacy and confidentiality, visit the Network Advertising Initiative website or the Digital Advertising Alliance website.
The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer, you may set your browser to block cookies. Additionally, you may remove yourself from the targeted advertising of companies by opting out here or, if located in the European Union (“EU”) or United Kingdom, you may opt out here. Please note that you will continue to receive generic advertisements.
Many browsers offer a “do not track” or similar feature enabling users to communicate to websites that they do not want to be tracked online. Our browser-based Services does not respond to “do not track” browser headers, but you can limit some tracking activity by taking the steps described above.
The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy.
We use Personal Information to provide our Services as directed by our Customers, including to respond to and act upon customer support inquiries and requests from our Customers, to provide information to our Customers (including reports and analytics about use of the Service), to accomplish the actions or transactions you initiate through the Service (for example, checking out a book or paying a fine).
In addition, we use Personal Information for Innovative-oriented purposes, including to administer our Customer accounts, fulfill our contractual obligations with our Customers, improve our existing Services, develop new Services, engage in analytics, comply with legal or regulatory requirements, protect our rights and interests, and communicate with you about Services that may be of interest to you.
We may share information about you with third parties on our own or at the instruction of our Customers.
When we share information about you with our own service providers to provide the Services and engage in the uses of Personal Information permitted by this Policy, these third-party services may include:
Our service providers are only authorized to use your Personal Information as necessary to provide these third-party services to us.
Furthermore, our Customers may direct us to integrate a Service with an offering, software, or application provided by a third party. For example, we may provide Personal Information to a Customer’s third-party payment processor to facilitate the payment of a fine or another payment you make to a Customer. In those cases, we will share Personal Information with third parties at the Customer’s direction. If you have questions about Customer-directed sharing with third parties, please contact our Customer (the Library), the data controller.
In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also may share your Personal Information as required by law, including in response to a court order, subpoena, or other legal process or, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others; to investigate fraud; or to respond to a government request.
In the course of our business, we may sell or buy businesses or assets. In the event of a sale, merger, reorganization, dissolution, or similar event relating to all or a portion of our business or assets, your Personal Information may be part of the transferred assets. We also may share Personal Information to facilitate the potential or actual financing, securitization, insuring, merger, acquisition, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets. If we are involved in such events, you will be notified via email and/or prominent notice on our browser or mobile application-based Services of any change in ownership, uses of Personal Information, and choices you may have regarding your Personal Information.
We may also disclose your Personal Information with your prior consent.
Some of our login-restricted Services include community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Information from our community forum, contact us at Privacy@iii.com. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so and why.
We often do not interact directly with you, or do so only at our Customer’s direction as a processor. Our Customers may provide you with notice of this Policy and, where appropriate, provide you with access (including the ability to confirm whether our Customer holds any of your Personal Information and access, correct, or request deletion of your Personal Information) as well as your choices in connection with our Services. If you have questions about your use of our Services, please contact the Customer who has provided you with access—this may be your library, employer, or someone else. We will work with our Customer to address any questions or requests brought to our attention within a reasonable timeframe, but we might not interact directly with you.
Upon request, we will provide you with information about whether we hold any of your Personal Information, if we control such information. You may access, correct, or request deletion of your Personal Information by emailing us at Privacy@iii.com. We will respond to your request within a reasonable timeframe.
You may sign up to receive emails, newsletters, or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you, through your member profile on our Site, or by contacting us at Privacy@iii.com.
When you download and use our mobile application-based Services, we may automatically collect information about the type of device you use, operating system version, and the device identifier (or “UDID”). We do not ask for, access, or track any geolocation-based information from your mobile device at any time while downloading or using our mobile application-based Services.
We use mobile analytics software to allow us to better understand the functionality of our mobile software on your mobile device. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any Personal Information you submit within the mobile application.
We use generally accepted and commercially reasonable physical, electronic, and procedural safeguards to protect our Services and your Personal Information from loss or unauthorized access, use, modification, or deletion, both during transmission and once it’s received. No security program is completely secure and we cannot guarantee the absolute security of your Personal Information. Please refer to a summary of our security policy here.
We retain Personal Information for as long as accounts are active or as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our contracts. For example, we may be required by contract with our Customer or by an applicable law to retain your Personal Information for a set period of time.
We may process (on behalf of Customers) and control (on our own) Personal Information in jurisdictions where the legal protections for Personal Information may vary from your own. With regard to Customer-controlled Personal Information that we process, questions about international data transfers should be directed to the Customer who granted you access to our Services.
With regard to Personal Information transferred from the European Union to the United States, Innovative participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework (“Privacy Shield Framework”). Innovative is committed to subjecting all Personal Information received from EU member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list
Under the Privacy Shield Framework, Innovative is responsible for the processing of Personal Information it receives and subsequently transfers to a third party acting as an agent on its behalf. Innovative complies with the Privacy Shield principles for all onward transfers of Personal Information from the EU, including the onward transfer liability provisions.
With respect to Personal Information received or transferred pursuant to the Privacy Shield Framework, Innovative is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Innovative may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
You may contact us with questions about this Policy or our privacy practices at Privacy@iii.com, or by mail at:
Attn: Akin Adekeye Data Protection Officer (DPO)
1900 Powell Street, Suite 400
Emeryville, CA 94608
We do not modify, correct or delete the data of library staff, patrons, or other individuals that we process for our Customers without instructions to do so. Accordingly, please direct such requests to the Customer with which you are dealing directly. We will work with our Customer to address any questions or requests that the Customer raises with us.
We reserve the right to change or amend this Policy at any time. Customers are responsible for reviewing any changes to this policy and providing notice to you. We will provide a revised version of this Policy to our Customers prior to any changes taking effect.
Effective date: March 26, 2019