Read Latest Edition of SpringyNews: Are You Connecting?
 Email Sign Up
GDPR Compliance
Springshare is fully compliant with GDPR as of May 25, 2018
GDPR Refresher
GDPR stands for the General Data Protection Regulation, a new European Union (“EU”) law that regulates the personal data of individuals in the EU. GDPR replaces the the EU’s current prior law, EU Data Protection Directive, which had been in place since 1995.
GDPR defines personal data as any type of information that identifies or can be linked to an individual. In addition to the usual types of personal data (i.e. name, address, phone number), this definition can also include information such as an IP address or device identifier. The GDPR requires entities to handle personal data in specific ways and gives individuals new rights related to the processing of their personal data, among other obligations.
Springshare has always been very careful when handling our customers' data, and our privacy policy has been favorable to our users. Springshare never shares or resells our customers' private data with third parties. There have been a few occasions when librarians from our client institutions have approached us about using aggregate statistics data in their academic research, but for every one of these instances we obtained written permission from affected institutions about using anonymized data for research purposes.
Since 2017 we have been operating a dedicated EU data center which hosts applications and content for our European client institutions. We have four (4) worldwide data center clusters (United States, European Union, Australia, and Canada) and they are all independent of one another i.e. the data does not flow back-and-forth. This ensures Springshare's compliance with the GDPR safeguards for cross-border data transfer - the personal data of our EU clients is not transferred "cross-border" outside of EU.
Here are the specific steps and initiatives we've undertaken, which were completed by the May 25, 2018 deadline. These steps ensured Springshare's and your compliance with GDPR.

Collecting and Storing Personal Information for Registered Users
Registered Users/Account Holders are librarians (and some non-librarians) who have an account in any of Springshare tools - LibGuides, LibAnswers, LibCal, LibStaffer, etc. For these users to use Springshare tools and have an account we need their name, email, and sometimes their phone number too i.e. they need to share some personal information with us.

Collecting and Storing Personal Information for Patrons/Visitors
When libraries/institutions license and use Springshare tools, they do it so their users (patrons) can access and use them. There are many millions of patrons who use Springshare tools but do not need to register or have an account in these tools. GDPR has implication for these users, too. IP addresses are considered personally-identifiable information according to GDPR and the IP addresses of website visitors are recorded in our logs. Also, every Springshare app uses browser cookies for its regular operation.

Updates to the Springshare Privacy Policy
Springshare's privacy policy is described here -​. We have updated and reviewed it in order to fully comply with GDPR. We also link to this privacy policy from any relevant public and administrative screen in our apps.

Emails from Springshare to Our Users
Springshare staff does not email patrons (i.e. your institutions' users) for any reason. The only exception to this are two scenarios - a) automatically generated emails from inside apps during the normal course of operation of the app (e.g. booking a room reservation or asking a reference question and receiving an email confirmation), or b) when we receive email support requests from patrons and we respond to them. No changes were needed in this regard for GDPR compliance.
Librarians who have accounts in Springshare apps receive several types of emails from Springshare:

Springshare Data Privacy Office & Contact for GDPR-Related Actions
We have a dedicated email inbox and dedicated staff who:
  1. Receive and review all requests for removing specific data from Springshare's tools.
  2. Upon review, act on these requests and ensure that data in question is removed in a timely manner.

Additional Steps and Actions Springshare is Undertaking
In addition to the actions described above, we have also undertaken a company-wide effort regarding Springshare's GDPR compliance efforts. Some of our activities included:
It is important to note that these new privacy-protection-related features in our platform are available to *all* Springshare client institutions worldwide, not just our European clients. Every one of our client institutions, anywhere in the world, has access to these privacy-related features described above.

If you have any questions or concerns about Springshare's GDPR efforts, please do not hesitate to reach out to us at
Let's Get Social
Tweets by @springshare
From Our Blog
Thanks for a great Library Journal Fall Summit!
We had a wonderful time at the Library Journal Fall Summit. While we missed the... read more
LibConnect with ILS Integration Saves Time
Increase engagement and save time with LibConnect and ILS integration... read more
Springshare @ Upcoming Conferences
We miss seeing you f2f in the before times. But in the meantime, we are at these virtual conferences... read more
Keeping up with Springshare
Knowing all the stuff you are supposed to know is tough. This post covers all the ways to keep up with... read more
Check out these recent webinars that the Springshare team held from LibCal Interactive Mapping to... read more
GDPR Compliant​Accessibility StatementPrivacy PolicyContact
© 2007-2020 All Rights Reserved.