Your Privacy at Technology from Sage
At Technology from Sage, we believe in being open and honest about how we use your data. This policy explains our approach to privacy, product by product, so you can easily understand what information we collect, why we collect it, and how we keep it safe.
Understanding Data Roles: Controller vs. Processor
Data protection law means our role can change depending on how your personal data is being used by our products.
Data Controller
When we act as a ‘Data Controller’, it means we determine why and how certain personal data is processed. This typically applies to data related to our direct relationship with you (e.g. managing your account with us, providing direct support, or for our marketing).
Data Processor
When we act as a ‘Data Processor’, it means we process personal data on behalf of another organisation (our customer, such as your library or institution). In this case, your library or institution is the ‘Data Controller’ and decides why and how your data is used. We follow their instructions and process the data in line with our agreement with them.
Lean Library
This section explains how your data is handled when you use the Lean Library browser extension and, if applicable, a Lean Library Workspace account.
Information the Lean Library Browser Extension Collects and Why
The Lean Library browser extension guides users to quickly access academic resources their library subscribes to, even when not on campus. It does this by recognising academic websites and article identifiers to offer quick access through the library’s systems.
To provide this service, the Lean Library browser extension may analyse and/or collect the following information:
- Web Browsing Activity: We look at academic websites you visit and send identifiers such as DOIs and ISBNs, along with other article and publisher metadata.
- Why? This allows the extension to show you relevant access options for your library’s licensed content. For example, if you visit a research paper, we can suggest accessing it through your library.
- Anonymised Event Data: We look at academic websites you visit, including database URLs, articles you’ve accessed, and how you interact with academic sites (e.g. Article Link clicked and LibGuide displayed). Note: A release is pending after which URLs will no longer be collected.
- Why? To help us understand how the extension is being used, provide anonymised statistical data to our customers, and improve its performance and features.
- Technical Information: Data about any technical issues or error messages the extension encounters.
- Why? To help us identify and fix bugs, ensuring a smoother experience for you.
- Cookies and Local Storage: We use industry-standard “cookies” to set user preferences for the setup of the extension. We may also use cookies if you provide feedback, to remember your preferences.
Important Note on Personal Data & Lean Library Workspace Accounts
- Lean Library Extension (without a Workspace account). When you use the Lean Library extension without creating a separate Lean Library Workspace account, we do not collect any personal information about you unless you actively share it with us. Any activity related to the Extension is recorded only against your IP address. This means your browsing activity through the Extension is not linked to your identity.
- Lean Library Workspace Account. If you choose to create a Lean Library Workspace account, we will collect your name, email address and role to manage that account. However, it’s important to note that your browsing activity through the Lean Library Extension is still NOT recorded against your Workspace account. Only the content you actively add or save within your Workspace account (e.g. saved references, notes) is linked to that account. The use of Lean Library is designed to maintain your anonymity when browsing.
What Lean Library Does NOT Collect
Your privacy is our top priority. We are only interested in data that helps us improve your academic research experience. Therefore, the Lean Library extension does not store:
- Information about your non-academic browsing activity (e.g. non-database website URLs).
- Data from your bank or credit card accounts.
- Information from your email account.
- Any personal information that you have not directly provided to us or explicitly permitted us to record.
How We Use Your Information
- To provide the Lean Library service and its features.
- To improve the extension and your future experience.
- For internal analysis and troubleshooting.
- We may use anonymised, aggregated data (data that cannot be linked back to you personally) for marketing materials, like blog posts, case studies, or white papers.
- If you have a Lean Library Workspace account, we use your name and email to manage that account and link the content you save and share within it.
Links to Other Websites
The Lean Library extension may link you to other online database websites. Please remember that we are not responsible for the content or privacy practices of these external sites. Always read their privacy policies before using them.
Talis
This section explains how your data is handled when you use Talis products and services, such as Talis Aspire, Talis Courseflow, or Talis Elevate.
Talis provides solutions primarily for academic institutions to manage and deliver reading lists, digital resources, and collaborative learning experiences.
Information We Collect and Why
The type of information we collect depends on whether we are acting as a Data Processor (on behalf of your institution) or a Data Controller (for our own purposes).
As a Data Processor (on behalf of your institution)
We process personal data to enable the core functions of our products for your institution.
- User Profile Data: This includes your Name, Email address, Job title (if applicable), Persistent ID (issued by your institution at sign-in), Talis user IDs, and IP address.
- Why? To operate key functions like user profile pages, personalisation features, user reports, and displaying user information in administrative workflows. This data also supports user analytics relevant to reports used by your institution.
- Log Files & Backups: Information is captured in log files, and data is included in system backups.
- Why? To help us operate, support, and troubleshoot the system, and to ensure data recovery and application functions.
- Consultancy & Implementation: If we are engaged by your institution to perform consultancy, roll out products, create bespoke reports, or amend/import/export user data.
- Why? To fulfil our contractual obligations and assist your institution with its specific needs related to our products.
As a Data Controller (for our own purposes)
We process personal data primarily to manage our direct relationship with your institution and its staff.
- Customer Staff Data: This includes Name, Email address, Work address (if relevant), Job title (if applicable), Role in the application, Persistent ID (issued by your institution at sign-in), Talis user IDs, and IP address.
- Why? To communicate with your institution’s staff during implementation and ongoing account management, allow them to provide feedback, obtain information about our products, and manage customer support or consulting services.
- Direct End-User Support Data: When we provide direct end-user support via in-application communication (this does not apply to all customers).
- Why? To provide direct assistance and resolve issues for end-users.
- Marketing & Information Updates: Data is used to send regular information updates about our products and services.
- Why? To keep customers informed about product developments and for marketing purposes.
- Specific Consulting Engagement Data: In some consulting engagements, we may act as a Data Controller for certain data.
- Why? This will be clarified with customers at the point of engagement, depending on the specific requirements.
What Talis Does NOT Collect
We focus on collecting only the data necessary to provide and improve our services to your institution. We do not collect:
- Sensitive personal data beyond what is explicitly outlined above (e.g. health information, racial or ethnic origin, political opinions, religious beliefs).
- Financial details like bank or credit card accounts from end-users.
How We Use Your Information
- To provide and operate our products and services to your institution.
- To support and troubleshoot our systems.
- To manage our relationship with your institution and its staff.
- To improve our products and develop new features.
- For internal analysis and reporting.
- To communicate product updates and marketing information.
General Privacy Practices (Applicable to All Products)
The following practices apply across all products and services offered by Technology from Sage.
When We Share Your Information
We may share the information we collect in specific, controlled circumstances, ensuring your data is protected:
- As Required by Law: If we are legally required to disclose information, such as in response to a court order or government request.
- For Your Safety and Protection: When we believe in good faith that disclosure is necessary to protect your safety, the safety of others, to investigate fraud, or to protect our rights.
- With Our Trusted Service Providers: We work with third-party service providers (e.g. cloud hosting, analytics, customer support platforms) who assist us in operating and improving our products. These providers are only allowed to use the information for the specific services we hire them for, act on our instructions, and are bound by strict contractual agreements to protect your data.
- In Business Changes: If Technology from Sage (or a product line like Lean Library or Talis) is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. You will be notified of any such change in ownership or use of your information.
- With Partners (Anonymised Data Only): We may disclose anonymised and aggregated data (data that cannot be linked back to you personally) to our partners or for marketing purposes. This helps us and our partners understand trends, improve access to academic materials, or enhance products without revealing your identity.
How Long do We Keep Your Information
We retain your information for as long as necessary to provide the service you are using, for operational purposes, or as required by law:
- Service Provision: We keep data for as long as you maintain an active account with us or have our products (like the Lean Library Extension) installed.
- Operational & Compliance Needs: We retain information for a reasonable period thereafter for purposes such as troubleshooting, record-keeping, and meeting legal or regulatory obligations.
- Specific Retention Periods: Some types of data have defined retention periods. For example, log file data and backup data are typically kept for 90 days before deletion.
- Legitimate Interests: We may retain data as necessary for our legitimate business interests, such as managing customer relationships or resolving disputes.
Where Your Data Is Processed and Stored
We are committed to securing your data:
- Our primary data processing and storage is with ISO27001/SOC2 certified data centres situated within the European Union (EU) or Canada (for Talis Canadian customers only).
- In some cases, we may utilise trusted third-party service providers who operate data centres outside the EU for certain auxiliary data or specific processing tasks (e.g. for analytics or global support). In such instances, we implement appropriate safeguards, such as Standard Contractual Clauses, to ensure your data remains protected to EU standards.
How We Protect Your Data
We employ a comprehensive range of security measures to protect the information we process and maintain:
- Accreditations & Certifications: We are accredited via the Cyber Essentials scheme, and our data centres hold certifications such as ISO27001 and SOC2/3.
- Secure Communications: Our products are delivered to users via HTTPS, ensuring encrypted communication.
- Access Controls: Server access is secured by encrypted keys, two-factor authentication (2FA), and hardened firewalls, limiting access to only authorised employees and contractors.
- Regular Audits: We conduct regular “black box” and “white box” security audits by independent third parties to identify and address vulnerabilities.
- Physical, Electronic, and Procedural Safeguards: We utilise a combination of these safeguards to protect against unauthorised access, disclosure, alteration, or destruction of information.
For Our Non-EU Customers
While customers and users outside the European Union are not directly affected by GDPR (General Data Protection Regulation) laws, the requirements and obligations on Technology from Sage significantly impact the processing of all personal data, since a substantial portion of our processing takes place within the EU. In general terms, GDPR principles enhance the security and privacy of personal data for all users globally.
Technology from Sage operates to ensure compliance with its privacy and personal data obligations in all relevant territories and will continue to do so.