At Veridian we take privacy seriously. We’ve always paid close attention to the ways personal data is managed within our software and systems and we fully supported the implementation of the GDPR in 2018.
We welcomed the opportunity to further protect the privacy rights of our customers, along with those of their audiences who engage with digital collections via Veridian software.
What is the GDPR?
The General Data Protection Regulation or GDPR is a piece of EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
It effectively concerns any website that may be accessed by anyone in Europe. That means that for all intents and purposes it affects every website in the world! So at Veridian we’re applying the standards the GDPR sets across the board.
The GDPR is a big, complex piece of legislation, and is open to interpretation. We agree with the intent of it though, which is that individuals should be made aware of personal information being collected and what it’s being used for. In addition, those individuals should have the right to delete that information if they choose to do so.
Will my Veridian digital collection be GDPR compliant?
We host and maintain digital collection websites for a range of customers worldwide, from National and University Libraries, to specialised archives and historical societies.
In these cases as far as the GDPR is concerned, Veridian is known as the “data processor” and the institution as the “data controller”. Different institutions may have varying data privacy requirements depending on where they’re based in the world, and we’re happy to work with each to reach GDPR compliance.
By default Veridian software is as compliant as possible and contains all the necessary tools to allow our customers to choose a level of compliance they're comfortable with.
We are continually upgrading all Veridian based collections so they can obtain the privacy improvements we have made in 2018. These improvements include:
- A Veridian plain language privacy policy to explain what personal data we collect and what it is used for.
- Veridian’s social sharing capabilities have been completely redesigned, to replace the 3rd party tool we used previously, which had some data sharing implications we weren’t comfortable with.
- Veridian’s search history feature and other features for recording users’ browsing history within a digital collection are now “opt in”. So users now have to choose to allow Veridian to record their browsing history, instead of having that happen automatically.
- No personally identifiable information is recorded in Veridian’s logs. For example, email addresses that are used to log in to Veridian are obfuscated when they appear in usage logs.
How does Veridian software protect the personal data of its users?
The security of your user data is important to us and we work hard to ensure the Veridian platform and the systems on which it relies are as secure as is practically possible.
The Veridian platform does not use any cookies that include personal data.
Your collection users have the right to access any personal data we retain about them, to correct any errors in that data, or to delete it all, should they choose to do so.
What are a user’s privacy rights if engaging with a digital collection on the Veridian platform?
Both Veridian and the owner of the digital collection have an obligation to and a commitment to protect a user’s privacy while they engage with an online digital collection.
Each Veridian based collection has a Privacy Policy written in plain language. By reading this policy, patrons can learn about their rights and how to protect their personal data. They can also find out exactly what personal information may be collected, how it may be used and how it is protected.
An example of a Veridian collection Privacy Policy can be seen here.
If you have any questions or concerns about the GDPR as it relates to Veridian please contact us. We’re more than happy to help.