Hyku Commons Privacy Policy
Use of the service does not require the entering or capturing of personally identifiable user information, except that which is required to create a user account, including an email address.
Data Disclosure
- The Service Provider agrees that no personally identifiable information, including but not limited to log-ins recorded in system logs, IP addresses of patrons accessing the system, saved searches, usernames and passwords, will be shared with third parties, except in response to a subpoena, court order, or other legal requirement. If Service Provider is compelled by law or court order to disclose personally identifiable information of Authorized Users of patterns of use, Service Provider shall provide PALCI and PALNI with adequate prior written notice as soon as is practicable, so that PALCI and PALNI or Authorized Users may seek protective orders or other remedies.
- Raw usage data relating to the identity of specific users and/or uses shall not be provided to any third party.
Data Processing
- Service Provider shall not use the Personal Information for any purpose except in the performance of this Agreement and to provide Services to the Service Recipients and Participating Institutions and their respective permitted users. Service Providers will not use the customer data (including metadata) for advertising or marketing purposes unless such use is specifically authorized by the Service Recipients and applicable Participating Institution. Service Provider is prohibited from mining customer data for any purposes other than as part of the normal functioning of the Service for the benefit of Participating Institution and the operation of the Services environment by Service Provider or those otherwise agreed to by the applicable Participating Institution.
Data Ownership
- Service Recipients’ Participating Institutions retain ownership of the Personal Information of each and may, at any time during the term of this Service Agreement, access, review, modify and delete Personal Information that Service Provider is storing.
Data Security and Accountability
- Service Provider will promptly notify Service Recipients in the event of a verified breach of non-public personal data unless such breach is unlikely to result in material harm to the data subject, or as otherwise provided by law. Service Recipients agrees that it shall be each Participating Institution’s sole responsibility to determine whether a breach is subject to state, federal or national breach notification laws and requires breach notification (“Breach Notification”). In the event that Participating Institution determines that a breach requires Breach Notification, Service Provider agrees that it will reasonably cooperate with Participating Institution in regards to Participating Institution’s Breach Notification obligations as specified in the applicable law, including Participating Institution’s investigation, enforcement, monitoring, document preparation, Breach Notification requirements, and reporting.