TOME is committed to protecting and respecting the privacy of our community. This policy describes the personal data TOME collects, how it is used and stored, and practices in place to ensure the security of this data and compliance with applicable laws. The policy also describes options available to you to request access to, correction of, or removal of your personal data.
What data does TOME collect?
TOME collects two type of personal data. The first is data that an individual may actively provide as a result of:
- registering for an event (including name, address, email, phone number, and institutional affiliation); or
- subscribing to an email list or newsletter (email address and name).
The second type is data that is passively collected via cookies and web logging during a visit to the TOME website. This data may include IP address, device type, browser type and version, operating system, pages viewed and length of time on each page, and errors encountered.
How does TOME use the personal data it collects?
TOME uses personal data actively provided by individuals for two purposes:
- to provide a specified service (such as access to an event or program) and
- to provide access to information (via membership and participation in an email list or delivery of periodic announcements and newsletters via email).
TOME uses personal data passively collected via cookies and web logs exclusively to improve constituents’ online experience by informing future website design and presentation decisions. This information is not used to identify any specific user or track a specific user’s behavior on the websites.
How and with whom does TOME share the personal data it collects?
TOME will never sell or rent your personal data to third parties. TOME sometimes shares data with suppliers and subcontractors on a “need to know” basis to help operate its websites and services and to provide users with information, products, or services that they may request. For example, TOME shares data with Google Analytics to obtain insight into how visitors use its websites and to improve their online experience.
How does TOME secure the personal data it collects?
TOME has implemented industry-standard security safeguards to protect the personal data it collects. All personal data actively or passively collected by TOME is stored on secure servers generally located in the United States. While TOME takes all reasonable precautions to protect personal data from loss, misuse, or unauthorized access, it cannot guarantee that none of these will occur.
How long does TOME store personal data?
Data from event registrations and web logs will be deleted when there is no longer a business need. Data provided during a subscription to an email list or newsletter is retained as long as membership on the list or receipt of the newsletter is desired. Data collected via Google Analytics is retained for 26 months.
Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using TOME’s website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
What are my rights concerning my personal data collected by TOME?
You have the right to request access to, correction of, or removal of your personal data as well as to unsubscribe from TOME-hosted email lists or newsletters. To do the former, please send an email with your request to Gary Roebuck, the Association of Research Libraries’ director of administration and operations, at email@example.com. To unsubscribe from email lists or newsletters, please follow the directions at the bottom of emails from these sources or send an email to firstname.lastname@example.org.
Changes to this notice
If we make any material changes to this policy, we will signify this by revising the effective date at the top of this page, updating the impacted text and, where appropriate, notifying constituents by email (using the latest addresses we have on file). Please check back frequently to see any updates or changes to this policy.