TRUSTe

We take your privacy seriously. This quick reference guide describes how ITHAKA uses your information and honors your data rights, and you can read our privacy policy below for more details. If you have any questions, please contact us at privacy@ithaka.org.

Your rights Your data
Sharing personal information is your choice. You can opt out, edit, review, or ask us to delete your information at any time. Your data will be retained securely and used only for the specific purpose for which it was shared.
You can customize your cookie settings to limit non-essential cookies, including Google Analytics. ITHAKA is a nonprofit. We do not engage in selling data.
We will notify you of updates to our privacy policy when we change the scope of how we use personal data. See Collection and Use of Information for more details about your data.

Privacy policy

ITHAKA collects and uses personal information you provide in connection with the services it provides through its websites listed below (collectively, “ITHAKA Services” and “ITHAKA Websites”). You may contact us with any questions or concerns at any time.

ITHAKA provides this policy so that you can understand what information we collect and use based on which ITHAKA website you use and the specific ITHAKA service you engage, and the choices available to you regarding our use of, your access to, and how you can update such information in connection with the following services provided on ITHAKA’s Websites:

Your rights under this policy

Sharing personal information is your choice and you can opt out: You can decide whether to provide personal information to us or organizations with which we conduct business as outlined in this policy. If you do not, you remain anonymous to us other than by association with an internet protocol address or other de-identified authentication mechanism. If you provide us with personal information, you may also later opt out of our use of your personal information by contacting us at privacy@ithaka.org or by following the unsubscribe instructions, including in newsletter and marketing emails. We will also remove you and your personal information from our records or refrain from using your personal information in connection with certain services on request if you contact us with your request at privacy@ithaka.org. Please note that this may prevent you from accessing ITHAKA’s services, including JSTOR, your personal JSTOR account, Publisher Sales Service, and certain Artstor websites and services as described below.

You may review or edit your information: Upon request, ITHAKA will provide you with information about whether we hold any of your personal information and allow you to delete or update your information to correct inaccuracies. We will respond to your request within a reasonable timeframe. You will need to provide sufficient identifying information, such as your name and email address and possible additional identifying information as a security precaution.

Please note, because of the way we maintain certain services, after you delete or amend your information, residual copies of your information may take a period of time before they are deleted from our active servers and may remain in our backup systems.

We will retain and use your data only as long as is appropriate: We will retain your information as long as you have not opted out and (i) as long as your account is active or as needed to provide you services or (ii) as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We employ data retention policies to ensure that personal information is removed after provision of services has been terminated or if there has been prolonged account inactivity.

You must be 16 or older: ITHAKA does not knowingly collect personal information from anyone under the age of 16. If it is discovered that we have collected personal information from someone under 16 we promptly will delete that information. Please note: As stated above, ITHAKA does not collect personal information unless you choose to share it. Users under 16 may use the ITHAKA Websites directly on the internet and/or through their institution account as long as they do not take steps to share their personal information.

You consent to this policy only when you choose to share personal information with ITHAKA: By choosing to engage with the ITHAKA Websites and ITHAKA Services in the ways described in this policy, you consent to the collection and use, as described below, of the information you provide to us (unless or until you opt out).
We will notify you of updates to this policy that affect use of your personal information: In order to reflect changes to our information practices, we may update this privacy policy from time to time. However, if we make any change in how we use the personal information you have already provided, we will notify you by email (sent to the email address specified in your account). We encourage you to periodically review this page for the latest information on our privacy practices and reach out to privacy@ithaka.org with any questions.

We employ practices to hold your information securely: We protect your personal information from unauthorized access and disclosure through the use of passwords, physical security measures, managerial measures, and (in connection with credit card information for order sales through JPASS, the Publisher Sales Service, Individual Access, and for purchase of ITHAKA- branded merchandise) encryption through our third party service providers. We adhere to SOC 2 information security standards. SOC 2 is a technical audit that requires organizations to establish strict information security policies and procedures to protect customer data. ITHAKA undergoes annual external audits to ensure ongoing compliance with the physical, administrative, and technical safeguards required under the SOC 2 framework. For more details, please see our SOC 3 Report.

We nonetheless recognize that third parties may obtain access to information through unlawful actions, and thus do not promise that your information always will remain private, despite our efforts and the importance we place on maintaining your privacy. In addition, we do not claim any responsibility for information collected by or from websites linking to or from ITHAKA Websites. In the event that we discover or are notified of a security breach where personal information is at risk, we will notify you electronically if we have your email address and if you have not opted out of such communications.

We seek to enforce this policy and will address complaints appropriately: We periodically verify that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with applicable laws, including but not limited to the European Union’s General Data Protection Regulation (“GDPR”). If you have any concerns about the application of this policy, please contact us so we may investigate. We will attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy. However, if you have an unresolved privacy or data concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request or, for individuals subject to the GDPR, you may seek an administrative or judicial remedy or to lodge a complaint with a supervisory authority where you reside, where you work, or where the alleged infringement took place. Information on how to file a complaint under the GDPR is available at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

ITHAKA Websites and Services

These are the ITHAKA Websites and associated ITHAKA Services through which you may provide personal information:

ITHAKA Websites ITHAKA Services
jstor.org and artstor.org JSTOR and Artstor branded services, including, Individual Access, Publisher Sales Service, JSTOR Global Plants, Artstor Digital Library, JSTOR Forum, SAHARA, Copyright Checkpoint, and the Images for Academic Publishing (IAP) service
sr.ithaka.org and higheredinprisonresearch.org Ithaka S+R strategy and research services (including for its Higher Education in Prison Research project)
constellate.org Constellate text analytics research service
portico.org Portico preservation service

Collection and use of information

We collect and use personal information to enable your use of ITHAKA Websites and ITHAKA Services. We use this personal information in ways that are compatible with the purposes for which it was intended to be used as well as to enforce the applicable terms and conditions of our ITHAKA Websites and will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current. Please note: We are a non-profit organization and do not sell your personal information. Furthermore, we do not use your information for a commercial purpose beyond delivering the services and communications you have elected to receive or which provide information about such services.

Our collection and use of personal information depends on how you choose to interact with or engage in our ITHAKA Websites and ITHAKA Services:

Interacting with any ITHAKA website:

We may use and share certain information:

  • For monitoring, operation and improvement of the ITHAKA Websites:
    • In aggregate form to track and analyze site usage (no personal information is identifiable to participating institutions, content providers, researchers, and the general public).
    • To improve the design of ITHAKA Websites for the benefit of our users.
    • In log files for the purpose of customer support, making improvements to the ITHAKA Websites, and/or monitoring for abuse of the ITHAKA Websites. The log files may contain the following automatically connected data (that is linked to other information we collect about you): internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data, including but not limited to, logging activities performed within a single user session.
  • Through cookies:
    • “Cookies” (small pieces of text that are stored on your computer and act as a tool for controlling certain system variables and storing system configuration information in the internet environment) store user preferences for viewing and printing, regional and geographical information connected to an IP address, and authentication information.
    • We do not use cookies to identify what other sites you have visited; however, we do use certain tools to understand the flow of traffic to and from ITHAKA Websites.
    • You can control the use of cookies at the individual browser level in “Cookie Settings”, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.
    • Third party advertisers may use cookies or similar technologies to make it easier for you to navigate our site or, if you use the provided social sharing widgets on our site, to provide you with advertising based upon your browsing activities, but those cookies are not covered by our privacy policy. We do not have access or control over these cookies, if used, but there are associations that may assist with opting-out of receiving personalized ads from third party advertisers (for more information please see https://optout.aboutads.info or in the European Union https://www.youronlinechoices.com/).
    • For more information, please see our Cookie Policy at https://www.ithaka.org/cookies.
  • As required by law:
    • If required to do so by law or if we believe in good faith that such action is necessary to comply with the law or a legal proceeding such as to comply to a subpoena, bankruptcy proceedings or similar legal process or otherwise required in response to lawful requests by public authorities (such as national security or law enforcement requirements); to protect against violations of our Terms and Conditions of Use; or to protect and defend our rights and property or the rights and property of rights holders whose content is made available through ITHAKA Websites.
    • If ITHAKA is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
  • With third parties to help provide services:
    • With service providers with whom we have entered into agreements to assist us with our business operations. for a current list of ITHAKA’s third-party service providers, see our Sub-Processor list.
    • With applicable publishers, other content providers, and libraries, who can better assist with your inquiries, and to enable them to inform users of services provided by ITHAKA and/or the third parties’ products and services that may be of interest.
    • We require that these parties, located in the US and internationally, agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate security measures.
    • When transferring personally identifying information that is subject to the European Union’s General Data Protection Regulations (GDPR), we require a GDPR-approved transfer mechanism to be in place, such as Standard Contractual Clauses.
  • Non-personal information: We collect the type of browser you are using (e.g., Firefox, Internet Explorer), the type of operating system you are using (e.g., Windows or Mac), and the domain name of your Internet service provider to provide you with the correct browser experience and detect robotic activity.
  • No automated-decision practices without notice: Through this policy, we will notify individuals of any automated-decision making practices we may engage in regarding personal information, including the logic involved and the significance of the decision as well as the consequences for you. We also will ensure that you may opt out of such automated-decision making practices.

Submitting an inquiry, feedback, or testimonial to an ITHAKA Website or social media page:

  • We may collect and use personal information collected through user communications (surveys posted on ITHAKA Websites, feedback provided in designated forms and forums, statements posted on ITHAKA social networking pages) to respond to your inquiries and correspond with you, provide customer support and troubleshooting assistance, and provide service announcements or marketing communications you elect to receive.
  • Social media features on the ITHAKA Websites, such as the Facebook Like button and widgets such as the ShareThis button or interactive mini-programs that run on our site may collect your IP address, which page you are visiting on our site, and may set a cookie to enable these features to function properly. These features are either hosted by a third party or hosted directly on our site and are governed by the privacy policy of the company providing the relevant feature.
  • In connection with postings you may make that are available to the general public on any ITHAKA website or ITHAKA-related page on social networking sites such as Facebook and Twitter we may use your name, statement, comment, and affiliation in conference presentations, ITHAKA Service newsletters and communications, and marketing and announcement materials.
  • We display personal testimonials of satisfied customers on our website in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at privacy@ithaka.org.

Using JSTOR, Artstor, Constellate, and/or Portico:

  • Through my institution’s account:
    • To enable your access to the JSTOR, Artstor, and Portico services through your library or institution and authenticate your identity for the purpose of accessing these services, we may collect information concerning the institution’s internet protocol address, your username and password, or other authentication methods, such as Shibboleth. You may also be able to authenticate via sign-in services utilized at your library or institution, such as Google Social Sign-On subject to Google’s privacy terms applicable to that service.
    • Administrators at participating institutions can invite users to create a personal account with institutional access, and possibly with administrator functionality, by sending an account creation invite to that person’s email address. The recipient of that invite must complete the account registration process to activate the account. The table of user accounts affiliated with the institution are available to the participating institution administrators online or via file sent to the relevant administrator’s account email.
    • For Artstor, to enable you to download images from the IAP service for publication purposes we collect and share with the institution providing the images for publication your name, email address, institutional affiliation, and other information you may provide. We may share your personal information with the content providers who provided those images for publication when you download an image for use in a publication.
  • Through Publisher Sales Service, JPASS, or an Individual Access member program or to purchase JSTOR branded merchandise:
    • To facilitate your order through the Publisher Sales Service (a service through the JSTOR archive that facilitates the purchase of articles from publishers), JPASS, Individual Access, or to purchase ITHAKA branded merchandise, we may collect your name, postal address, email address and transactional information. We collect but do not store your credit card details through a third party service provider. ITHAKA may work with other organizations that provide specific services for us, such as credit card processing. We will provide only the personal information necessary for the third party to provide these services for us. These organizations may not use personal information except for the purpose of providing these services.
  • With a personal user account:
    • In connection with your voluntary creation of a personal account for JSTOR, Artstor, JSTOR Global Plants, or Constellate, we may collect your name, email address, username, institutional affiliation information, and password, as well as other information you may provide.
    • Please note that certain Artstor functions require creation of a user account, including: downloading images, saving them to groups, creating presentations and sharing them with other Artstor users, uploading content to Personal Collections, and managing content in JSTOR Forum.
    • Also in the case of Artstor services, to enable some institutions to provide administrative support services on behalf of their users, if you elect to register as a user of an Artstor website, you give ITHAKA permission to provide administrators at your institution, if it engages in this service, the email address you used to register so the administrator may access the image groups or other materials that you have created, make changes to such materials (including deleting such materials, either in full or in part), and contact you at the email address provided with respect to such materials, for the purpose of administering and supporting the institution’s subscription to the Artstor services and websites.
  • For admin and support: We collect your personal information for system and account administration, customer support, troubleshooting purposes, for new product announcements and product updates related to your account, for service announcements, and for delivering service newsletters and marketing communications you elect to receive.
  • For requests for information: In connection with requests for additional information about JSTOR, Artstor, Constellate, JSTOR Forum, Transfer Explorer, or Portico, including but not limited to, obtaining access or additional information about these ITHAKA services on behalf of your institution, we may collect your name, email address, phone number, institutional affiliation information, country location, job title, and other information you may provide.

Participating in an Ithaka S+R project

  • In some instances, Ithaka S+R may be contracted to provide services to third parties, which may involve collecting your personal information. In such cases, the privacy policy governing the collection of your personal information shall be as set forth in such third parties’ privacy policies and we may share your personal information with such third parties, such as an institution with which you are affiliated, where you explicitly consent to our sharing your information.

Contact us

If you have any inquiries about this Privacy Policy or its implementation, you may contact us at privacy@ithaka.org, or by mail at:

ITHAKA
Attn: Office of the General Counsel
One Liberty Plaza
165 Broadway, 5th Floor
New York, New York 10006

Where required by applicable law, ITHAKA has appointed an internal data protection officer, who can be contacted at:

ITHAKA
Attn: Heather Jensen
One Liberty Plaza
165 Broadway, 5th Floor
New York, New York 10006
privacy@ithaka.org

Last updated on March 29, 2024