Data Protection and Privacy Policy FAQ

1. About this Data Protection and Privacy Policy FAQ

Softlink Information Centres recognises the importance of data protection and privacy and is committed to them both. Softlink Information Centres is part of Softlink, which includes Softlink America Incorporated, Softlink Europe Ltd, Softlink Pacific Ltd, Softlink Australia Pty Ltd, and Softlink International Pty Ltd (“we”, “us” or “our”).

This Data Protection and Privacy Policy outlines how we collect, hold, use, disclose and otherwise handle personal information in an open and transparent manner in accordance with Section 5 of the Federal Trade Commission Act in the USA, the General Data Protection Regulation (GDPR) (EU) 2016/679, the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and the New Zealand Privacy Principles contained in the Privacy Act 1993.

By providing us with your personal information you consent to us handling it in accordance with this Data Protection and Privacy Policy as we update it from time to time.

2. Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information for purposes relating to the promotion and supply of our products and services. A feature of the products and services that we offer is to store and hold information, some of which may be personal.

For example, we may collect, hold, use and/or disclose your personal information for the purpose of:

  • Establishing identity within our products;
  • Performing necessary identity and security verifications within our products and services;
  • Processing transactions and conducting business;
  • Generally delivering products and services, such as providing customer support and services, such as training;
  • Providing a hosted application service;
  • Providing you with information such as product update notification;
  • Improving our products, services and service delivery, including for better understanding your needs, interests and suitability for various products and services;
  • Recommending specific products and services that may meet your needs;
  • Responding to issues, questions, and queries;
  • Converting personal information contained within product data from a third party or Softlink product(s) into another Softlink product(s);
  • Protecting you and us against errors or fraud; and
  • Complying with our legal or regulatory obligations.

3. What kinds of personal information we collect and hold

The kinds of personal information about you that we may collect and hold include your contact details, payment details, bank account details, purchase history and service-related information. Our products may also contain personal data including, but not limited to, contact details, date of birth, interests, reading history, school details and images.

Where you do not provide us with all or some of your personal information that we request then we may not be able to supply our products or services that you require.

4. What website visitor information we collect and hold

We use a range of third party tools [including cookies and session tools] to collect information about visitors to our website https://ic.softlinkint.com (“Website”) or our Support Portal https://softlinkic.freshdesk.com/helpdesk. For example, when you visit our Website or Support Portal we may collect your server address, domain name, operating system, browser type, pages accessed, documents downloaded, previous visits, referring website, and visit date and time. We collect and hold this information for the purpose of maintaining and improving our services and enhancing your experience browsing our Website.

You may set your browser to disable cookies but some parts of our Website may not function properly if cookies are disabled.

5. How we collect and hold personal information

We collect and hold your personal information either directly from you or from information entered into our products. For example, we may collect your personal information from you in person when you visit our office or by mail, telephone, facsimile, email, ftp, using our website or other communication with you.

Personal information is stored in our products through the standard operation of our products. In the course of supporting or delivering a required service we may also request system data or log files be sent to us. Your Softlink system may also be hosted in an environment where we have access to system data and log files.

We may request data which contains personal information be supplied to us in the process of delivering a service such as a data conversion.

We may also collect your personal information from a third party or publicly available source where it is unreasonable or impracticable to collect the information directly from you. For example, we may collect your personal information from a third party when we are appointed to act as your authorised representative for the purpose of administering or managing the supply of products or services which you require.

We hold personal information that we collect in both physical and electronic storage facilities including paper-based files and computer databases.

6. How we disclose personal information

We may disclose personal information to our affiliates, subsidiaries, employees, contractors, agents, and service providers for purposes relating to the supply of our products and services. For example, we may disclose your personal information to:

  • Third party providers for the purpose of providing you with support for our products or services that you require; and
  • Third party suppliers in the course and for the purpose of providing a product or service that you require.

Some third party providers may be located in jurisdictions other than yours.

We will not sell or rent your personal information to any third party for marketing purposes without your consent.

7. How we protect personal information

We protect personal information that we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure using both physical and electronic security measures which include secure premises, locked cabinets, secure databases, password access, anti-virus software, data transfer encryption and firewalls.

You provide us with your personal information over the Internet at your own risk as the security of such information cannot be 100% guaranteed.

We destroy or de-identify personal information in a secure manner when we no longer need it for any of our purposes unless we are authorised or required by law to retain it.

8. How you may access, correct and update your personal information

You have the right to request access to, and correction of, any of your personal information that we hold. You should promptly notify us if you become aware that any of your personal information that we hold is inaccurate or out-of-date.

If you wish to access, correct or update any of your personal information that we hold, please either contact our Helpdesk using the contact details below or directly amend the information stored within our products.

9. How we update this Data Protection and Privacy Policy

We may update this Data Protection and Privacy Policy from time to time to take into account changes in our information handling practices by publishing an amended Data Protection and Privacy Policy on our Website. You should regularly review the most recent version of this Data Protection and Privacy Policy available on our Website.

10. Where we store data

Where we provide services to host our products in the cloud, we store data in data centres in your region, all of which comply with ISO 27001, ISO 9001, ISO 27018 and IRAP.

11. Where we transfer data

We will not copy your data outside of your region without your prior explicit written permission. For example, data hosted in the USA remains in the USA, data hosted in Europe is not copied outside of Europe and data stored in APAC is not copied outside of APAC.

12. Our data protection processes

We have an internal data protection policy which is reviewed annually. All staff who have access to data are trained annually to ensure they are aware of their responsibilities and best practices. An inventory of all personally identifiable information is kept along with the reasons why the data is needed. This is reviewed annually and data not strictly required is removed. A range of general data security measures are in place and these are available on request. Softlink also leverages the resources provided by the Open Web Application Security Project (OWASP) to perform:

  • Developer induction, and subsequent yearly training covering awareness of the current OWASP top 10, along with understanding of the mitigations currently in place within Softlink products.
  • Regular audits assessing Softlink products against online threats, guided by the OWASP top 10.

An annual Data Protection Impact Assessment (DPIA) is completed on all data collection methods. This is also done for any new methods of data collection or other large projects that occur between these annual assessments.

In addition to practices outlined above, our practices include:

a. processing personal information only where this is strictly necessary for legitimate organisational purposes;

b. collecting only the minimum personal information required for these purposes and not processing excessive personal information;

c. providing clear information to individuals about how their personal information will be used and by whom;

d. only processing relevant and adequate personal information;

e. processing personal information fairly and lawfully;

f. maintaining an inventory of the categories of personal information that we process;

g. keeping personal information accurate and, where necessary, up to date;

h. retaining personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes;

i. respecting individuals’ rights in relation to their personal information, including their right of access;

j. only transferring personal information outside the originating region in circumstances where it can be adequately protected;

k. the application of the various exemptions allowable by data protection legislation;

l. developing and implementing an Information Management System to enable the policy to be implemented;

m. where appropriate, identifying internal and external stakeholders and the degree to which these stakeholders are involved in the governance of our data management;

n. the identification of workers with specific responsibility and accountability for the Personal Information Management Systems;

o. the regular training of staff who may have access to Personally Identifiable Information on best data security and privacy practices;

p. promptly notifying customers in the event that any unauthorised person has obtained or attempted to obtain personally identifiable information.

13. Softlink products and data privacy requirements

Our products are extremely flexible; as a result it is possible to configure them in ways which may or may not conform to data privacy requirements in your organization and/or in your region. It is your responsibility to configure the products appropriately. Where you need assistance to enable the product to comply with your specific business or regional legislative requirements, you may contact us for product assistance (see below for contact details).

14. How to make an enquiry or complaint

If you have an enquiry or complaint about our handling of your personal information, please contact our support team, which is the first point of contact for such enquiries and complaints.

15. How complaints are processed

All complaints are initially handled by the support representative. If you are not satisfied with the outcome, you may request that it is escalated to the Softlink Information Centres’ management team. A member of the management team will contact you regarding your complaint. Ultimately the issue may be escalated to the General Manager of Softlink Information Centres.

16. How to contact us

You may contact our Helpdesk using the contact details below: Email: support@softlinkic.freshdesk.com

17. Data protection officer

Yes. For Softlink entities as a whole we have a Data Protection Officer. In each main geographic region we also have a Data Protection Owner. These details are available on request.

18. Liberty Link mobile application

The Liberty Link mobile application requires permissions to access the camera of the device on which it is installed. The camera permission is required for several functions:

i. Initial setup allows scanning a QR code to set configuration values, such as the location of the related Liberty system.

ii. Use as a barcode scanner, which is used to identify physical resources. When used as a barcode scanner, the camera converts a barcode to a text string which is transmitted to Liberty. No visual/image data is transmitted or retained by the application for this function.

iii. To submit a cover image for a book held by the library. The image is then stored in Liberty. This function is restricted to library staff users.

iv. To submit an image for image-to-text processing. This is used to collect data for a book (e.g. the blurb). The image is not retained, but the extracted text is stored as part of the selected book in Liberty. This function is restricted to library staff users.

Use of the camera is not necessary for the application to function (excluding these specific features). The application requests camera permission the first time one of these features is used.