Read Latest Edition of SpringyNews: A New Spring Outlook
 Email Sign Up
GDPR Compliance
Springshare is fully compliant with GDPR as of May 25, 2018
GDPR Refresher
GDPR stands for the General Data Protection Regulation, a new European Union (“EU”) law that regulates the personal data of individuals in the EU. GDPR replaces the the EU’s current prior law, EU Data Protection Directive, which had been in place since 1995.
GDPR defines personal data as any type of information that identifies or can be linked to an individual. In addition to the usual types of personal data (i.e. name, address, phone number), this definition can also include information such as an IP address or device identifier. The GDPR requires entities to handle personal data in specific ways and gives individuals new rights related to the processing of their personal data, among other obligations.
Springshare has always been very careful when handling our customers' data, and our privacy policy has been favorable to our users. Springshare never shares or resells our customers' private data with third parties. There have been a few occasions when librarians from our client institutions have approached us about using aggregate statistics data in their academic research, but for every one of these instances we obtained written permission from affected institutions about using anonymized data for research purposes.
Since 2017 we have been operating a dedicated EU data center which hosts applications and content for our European client institutions. We have four (4) worldwide data center clusters (United States, European Union, Australia, and Canada) and they are all independent of one another i.e. the data does not flow back-and-forth. This ensures Springshare's compliance with the GDPR safeguards for cross-border data transfer - the personal data of our EU clients is not transferred "cross-border" outside of EU.
Here are the specific steps and initiatives we've undertaken, which were completed by the May 25, 2018 deadline. These steps ensured Springshare's and your compliance with GDPR.

Collecting and Storing Personal Information for Registered Users
Registered Users/Account Holders are librarians (and some non-librarians) who have an account in any of Springshare tools - LibGuides, LibAnswers, LibCal, LibStaffer, etc. For these users to use Springshare tools and have an account we need their name, email, and sometimes their phone number too i.e. they need to share some personal information with us.

Collecting and Storing Personal Information for Patrons/Visitors
When libraries/institutions license and use Springshare tools, they do it so their users (patrons) can access and use them. There are many millions of patrons who use Springshare tools but do not need to register or have an account in these tools. GDPR has implication for these users, too. IP addresses are considered personally-identifiable information according to GDPR and the IP addresses of website visitors are recorded in our logs. Also, every Springshare app uses browser cookies for its regular operation.

Updates to the Springshare Privacy Policy
Springshare's privacy policy is described here -​. We have updated and reviewed it in order to fully comply with GDPR. We also link to this privacy policy from any relevant public and administrative screen in our apps.

Emails from Springshare to Our Users
Springshare staff does not email patrons (i.e. your institutions' users) for any reason. The only exception to this are two scenarios - a) automatically generated emails from inside apps during the normal course of operation of the app (e.g. booking a room reservation or asking a reference question and receiving an email confirmation), or b) when we receive email support requests from patrons and we respond to them. No changes were needed in this regard for GDPR compliance.
Librarians who have accounts in Springshare apps receive several types of emails from Springshare:

Springshare Data Privacy Office & Contact for GDPR-Related Actions
We have a dedicated email inbox and dedicated staff who:
  1. Receive and review all requests for removing specific data from Springshare's tools.
  2. Upon review, act on these requests and ensure that data in question is removed in a timely manner.

Additional Steps and Actions Springshare is Undertaking
In addition to the actions described above, we have also undertaken a company-wide effort regarding Springshare's GDPR compliance efforts. Some of our activities included:
It is important to note that these new privacy-protection-related features in our platform are available to *all* Springshare client institutions worldwide, not just our European clients. Every one of our client institutions, anywhere in the world, has access to these privacy-related features described above.

If you have any questions or concerns about Springshare's GDPR efforts, please do not hesitate to reach out to us at
Let's Get Social
Tweets by @springshare
From Our Blog
Meet the Librarians Saving Us from the Infodemic
Elaine R. Hicks, Stacy Brody, and Sara Loree, founder and co-leads of the Librarian Reserve Corps... read more
We Are @ACRL Virtual Conference
We are going fully digital at this year’s virtual ACRL Annual Conference (April 13 – 16)... read more
Get One-on-One Help with Springshare Consulting
If the last year has taught us anything, it’s that we can’t do everything by ourselves… all the time... read more
April Product Updates
These features will be live in all regions by the end of the day on Friday, April 9... read more
Creating a Regional Chat Cooperative
We chatted with three amazing librarians to talk about the importance of having support from a global chat cooperative... read more
GDPR CompliantPrivacy PolicyContact
© 2007-2020 All Rights Reserved.