Request a Demo
Menu
Privacy policy Publisher Neutrality Sub-processors

At Technology from Sage, we put honesty and transparency at the heart of everything we do. We therefore want to explain our product Privacy Policies as clearly and simply as possible so that you understand how we use your data, and why. If you have any questions about any of the information presented in the Privacy Policies below, please get in touch.

Lean Library

Data Collection

When you use your browser (Chrome, Firefox, Safari, Edge, Opera) to access websites, The Lean Library Extension aims to save you time by showing you for which databases your library has a license and allowing you access to those databases while you are not on campus. In order to provide this service, The Extension may analyse and/or collect certain information relating to your browsing activity such as the academic websites that you visit. For example, by recognizing the academic website that you are visiting, The Extension is then able to give you the option to access the database with the license of your library (technically through a proxy of your library so that the database knows you are from the library). The following information may be analyzed and/or collected by The Extension in order to provide the service: the current database website url you are visiting, previous database websites you have visited and articles you have accessed and how you engage with academic websites. We will NOT collect any personal information unless you actively share it with us. We will NOT collect your IP address or your device’s unique device IDs. By using the Extension you will remain completely anonymous. The Extension may also analyze and/or collect and/or store article related data. This could include information such as which articles you’ve (tried) to access, the time at which these attempts are made, the amount of time it took to look up an article, as well as other general information about your academic searching. We may also use this anonymized aggregate data for use in marketing materials including, but not limited to, blog posts, case studies and white papers. The Extension may also analyze and/or collect and/or store information surrounding any technical issues encountered by The Extension. This information may include, but is not limited to, error message data. The Extension utilizes “cookies”, an industry standard technology, to collect information about how The Extension is used. The data collected may include, but is not limited to, the data/time of visits, pages viewed, and any third party site that The Extension links to. Again, this information is collected on an aggregate basis without any association to your personal information so that you remain anonymous. Lean Library may, from time to time, ask you for feedback on whether the article/database you attempted to use was useful or valid. If you do so, we may also use cookies to store this information so that we can improve your future experience of The Extension.

What information does Lean Library and The Extension NOT obtain?

Your security and privacy is our biggest priority. We are only interested in information or data that can help us deliver the best experience possible in saving you time while and optimizing your academic research. Therefore, The Extension does not store any information for other browsing activity such as activity on non-database webpage urls. Furthermore, we do not collect information from your bank or credit card accounts, or information from your email account. We do not record any personal information that you have not provided to us directly, or have explicitly given us permission to record. Do we give third parties access or the ability to see any of the information that The Extension obtains? We may disclose the information we obtain:

  • As required by law.
  • When we believe, in good faith, that such disclosure is necessary to protect your safety, the safety of others, to investigate fraud, to protect our rights, or to respond to a government request.
  • With our trusted service providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to the rules set forth in this Privacy Policy.
  • If Lean Library is involved in a merger, acquisition or sale of all or a portion of its assets. Please note that you will be notified by either email or a prominent notice on our website of any changes in ownership or uses of this information.
  • In aggregate with other data in such as way so that no personally identifying information can be disclosed. For example, we may disclose this aggregate data with Databases or Libraries who have partnered with us. This is so that these parties can use the information that we analyze and/or collect, or a portion of it, to enhance the access and search process to academic materials. Please note that any information that we disclose to these Databases and Libraries will remain anonymous.
Data Retention Policy

Lean Library will retain the information that we have obtained for as long as you have The Extension installed, and for a reasonable time thereafter. Please note that some of the information that we have obtained may be required in order for our service to function.

Security

Lean Library utilizes physical, electronic and procedural safeguards to protect the information that we process and maintain, such as limiting access to only authorized employees and contractors who need access to operate, develop and improve The Extension. However, whilst we endeavor to provide reasonable security for the information that we process and maintain, no security system can prevent all potential security breaches.

Links to Third party Websites

You may be transferred to other online database websites through interaction with The Extension. We are not responsible for the content or privacy practices of those websites, and this Privacy Policy does not apply to information collected by those sites. Therefore, before using third party websites, you should read and understand those website’s own privacy policies.

Talis

How does Talis process our users’ personal data?

In the processing of personal data, we may be acting as a data controller or data processor, depending on the circumstances.  In connection with the use of our products by our customers, we will normally act as a data processor, with the customer being the data controller in relation to any personal data that the product processes in the course of its use by the customer.

When do we act as a data processor?

We will be acting as a data processor where we process personal data in the following circumstances:

  • Our products store, manage and collect personal data about users (students, customer staff or academics) in order to operate key functions. For example, in relation to user profile pages and associated functionality, user reports, personalisation features, and displaying user information in administrative workflows. This data may also be used to support the collection of user analytics relevant to reports usable by the customer as part of the products’ features.
  • Where we are engaged by customers to perform consultancy, or as part of the roll out or deployment of our products, to create bespoke reports or features based on user data stored in our products or to amend, import or export such user data.
  • In the course of the provision of beta or pilot functionality for new products or services that are being developed or considered for implemented by the customer.
  • In order to help us operate, support and troubleshoot the system. For example, information may be captured in log files.
  • In making backups of the data required to support application functions.
What personal data are processed by us as a data processor?

The following personal data attributes are processed in this way:

  • Name
  • Email address
  • Job title (if applicable)
  • Persistent ID issued at sign in time by the institution
  • Talis user IDs
  • IP address
How long do we hold personal data when we are acting as a data processor?

Personal data processed in this way is held for as long as the customer contracts with us (unless earlier deletion occurs because retention of the personal data is no longer necessary to support the provision of the relevant services by us), or in the case of pilot or beta features which are discontinued, consulting or roll out assignments as long as those projects remain active.  In particular:

  • Log file data is kept for 90 days and then deleted.
  • Backup data is kept for 90 days and then deleted.
  • When do we act as a data controller?

We will be acting as a data controller where we process personal data in the following circumstances:

  • We collect and store data from customer staff involved in the roll out and deployment of our products at their institution and the on-going management of the institution’s relationship with us, including requesting customer support or consulting services. This is used to communicate with the customer during activities, as well as allowing the customer to provide ongoing feedback on and obtain information about our products.
  • Where we provide direct end-user support via in-application communication between Talis and the customer’s end-users. This is not applicable to all customers.
  • Some consulting engagements may involve us acting as a data controller (other than merely in respect of data concerning customer staff involved in the engagement). This will depend on the requirement and where we consider this could be the case, the status will be clarified with customers at the point of engagement.
  • We provide regular information updates about our products and services to customers, including for marketing purposes.
What personal data are processed by us when acting as data controller?

The following personal data are processed in this way:

  • Name
  • Email address
  • Work address (if relevant)
  • Job title (if applicable)
  • Role in the application
  • Persistent ID issued at sign in time by the institution
  • Talis user IDs
  • IP address
How long do we hold personal data when we are acting as a data controller?

Data is kept for as long as is required in order to provide the relevant services or support or otherwise as necessary for our legitimate interests in connection with our relationship with the customer.

Who has access to personal data processed by us?

The Talis engineering and customer services teams have access to this data, together with any sub-contractors or sub-processors who we use to provide services in support of our provision of our products to our customers (see list below).

Where is personal data processed by us?

Data directly processed by us is managed within ISO27001 certified data centres situated within the EU.

Where does Talis store data?

Our data centres are within the EU, and our principal storage of personal data occurs within the EU. However, some auxiliary data, which is now considered personal data under the GDPR (for example, IP address or other opaque user identifiers) is shared with 3rd parties we engage who may operate data centres outside of the EU.

 What security measures does Talis take to protect data?

Talis take a number of security measures to protect data:

  • Talis is accredited via the Cyber Essentials scheme
  • Our products are delivered to users via HTTPS
  • Our data centres are CAS, ISO9001, ISO27001, ISO27018 and SOC1 through 3 compliant
  • Server access is secured by encrypted keys, 2FA and hardened firewall
  • Regular black box and white box security audits performed by an independent 3rd party
  • Employees’ laptops are hardened and disk encrypted where required, we periodically re-audit these arrangements to make sure they remain in place, and offer appropriate training to new starters.
What does this mean for non-EU customers?

Whilst non-EU customers and users are not directly affected by GDPR, the requirements and obligations on Talis affect the processing of all personal data since all processing takes place within the EU. In general terms GDPR only enhances the security and privacy of personal data for non-EU users.

Talis operates to ensure compliance with its privacy and personal data obligations in all relevant territories and will continue to do so.