|Your rights||Your data|
|Sharing personal information is your choice. You can opt out, edit, review, or ask us to delete your information at any time.||Your data will be retained securely and used only for the specific purpose for which it was shared.|
|You can customize your cookie settings to limit non-essential cookies, including Google Analytics.||ITHAKA is a nonprofit. We do not engage in selling data.|
ITHAKA collects and uses personal information you provide in connection with the services it provides through its websites listed below (collectively, “ITHAKA Services” and “ITHAKA Websites”). You may contact us with any questions or concerns at any time.
ITHAKA provides this policy so that you can understand what information we collect and use based on which ITHAKA website you use and the specific ITHAKA service you engage, and the choices available to you regarding our use of, your access to, and how you can update such information in connection with the following services provided on ITHAKA’s Websites:
- Interacting with any ITHAKA website
- Using JSTOR, Artstor, Constellate, and/or Portico
- Submitting an inquiry, feedback, or testimonial to an ITHAKA website or social media page and/or
- Participating in an Ithaka S+R Project
Your rights under this policy
Sharing personal information is your choice and you can opt out: You can decide whether to provide personal information to us or organizations with which we conduct business as outlined in this policy. If you do not, you remain anonymous to us other than by association with an internet protocol address or other de-identified authentication mechanism. If you provide us with personal information, you may also later opt out of our use of your personal information by contacting us at firstname.lastname@example.org or by following the unsubscribe instructions, including in newsletter and marketing emails. We will also remove you and your personal information from our records or refrain from using your personal information in connection with certain services on request if you contact us with your request at email@example.com. Please note that this may prevent you from accessing ITHAKA’s services, including JSTOR, your personal JSTOR account, Publisher Sales Service, and certain Artstor websites and services as described below.
You may review or edit your information: Upon request, ITHAKA will provide you with information about whether we hold any of your personal information and allow you to delete or update your information to correct inaccuracies. We will respond to your request within a reasonable timeframe. You will need to provide sufficient identifying information, such as your name and email address and possible additional identifying information as a security precaution.
Please note, because of the way we maintain certain services, after you delete or amend your information, residual copies of your information may take a period of time before they are deleted from our active servers and may remain in our backup systems.
We will retain and use your data only as long as is appropriate: We will retain your information as long as you have not opted out and (i) as long as your account is active or as needed to provide you services or (ii) as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We employ data retention policies to ensure that personal information is removed after provision of services has been terminated or if there has been prolonged account inactivity.
You must be 16 or older: ITHAKA does not knowingly collect personal information from anyone under the age of 16. If it is discovered that we have collected personal information from someone under 16 we promptly will delete that information. Please note: As stated above, ITHAKA does not collect personal information unless you choose to share it. Users under 16 may use the ITHAKA Websites directly on the internet and/or through their institution account as long as they do not take steps to share their personal information.
You consent to this policy only when you choose to share personal information with ITHAKA: By choosing to engage with the ITHAKA Websites and ITHAKA Services in the ways described in this policy, you consent to the collection and use, as described below, of the information you provide to us (unless or until you opt out).
We employ practices to hold your information securely: We protect your personal information from unauthorized access and disclosure through the use of passwords, physical security measures, managerial measures, and (in connection with credit card information for order sales through JPASS, the Publisher Sales Service, Individual Access, and for purchase of ITHAKA- branded merchandise) encryption through our third party service providers. We adhere to SOC 2 information security standards. SOC 2 is a technical audit that requires organizations to establish strict information security policies and procedures to protect customer data. ITHAKA undergoes annual external audits to ensure ongoing compliance with the physical, administrative, and technical safeguards required under the SOC 2 framework.
We nonetheless recognize that third parties may obtain access to information through unlawful actions, and thus do not promise that your information always will remain private, despite our efforts and the importance we place on maintaining your privacy. In addition, we do not claim any responsibility for information collected by or from websites linking to or from ITHAKA Websites. In the event that we discover or are notified of a security breach where personal information is at risk, we will notify you electronically if we have your email address and if you have not opted out of such communications.
We seek to enforce this policy and will address complaints appropriately: We periodically verify that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with applicable laws, including but not limited to the European Union’s General Data Protection Regulation (“GDPR”). If you have any concerns about the application of this policy, please contact us so we may investigate. We will attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy. However, if you have an unresolved privacy or data concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request or, for individuals subject to the GDPR, you may seek an administrative or judicial remedy or to lodge a complaint with a supervisory authority where you reside, where you work, or where the alleged infringement took place. Information on how to file a complaint under the GDPR is available at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
These are the ITHAKA Websites and associated ITHAKA Services through which you may provide personal information:
|ITHAKA Websites||ITHAKA Services|
|jstor.org and artstor.org||JSTOR and Artstor branded services, including, Individual Access, Publisher Sales Service, JSTOR Global Plants, Artstor Digital Library, JSTOR Forum, SAHARA, Copyright Checkpoint, and the Images for Academic Publishing (IAP) service|
|sr.ithaka.org and higheredinprisonresearch.org||Ithaka S+R strategy and research services (including for its Higher Education in Prison Research project)|
|constellate.org||Constellate text analytics research service|
|portico.org||Portico preservation service|
We collect and use personal information to enable your use of ITHAKA Websites and ITHAKA Services. We use this personal information in ways that are compatible with the purposes for which it was intended to be used as well as to enforce the applicable terms and conditions of our ITHAKA Websites and will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current. Please note: We are a non-profit organization and do not sell your personal information. Furthermore, we do not use your information for a commercial purpose beyond delivering the services and communications you have elected to receive or which provide information about such services.
Our collection and use of personal information depends on how you choose to interact with or engage in our ITHAKA Websites and ITHAKA Services:
We may use and share certain information:
- For monitoring, operation and improvement of the ITHAKA Websites:
- In aggregate form to track and analyze site usage (no personal information is identifiable to participating institutions, content providers, researchers, and the general public).
- To improve the design of ITHAKA Websites for the benefit of our users.
- In log files for the purpose of customer support, making improvements to the ITHAKA Websites, and/or monitoring for abuse of the ITHAKA Websites. The log files may contain the following automatically connected data (that is linked to other information we collect about you): internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data, including but not limited to, logging activities performed within a single user session.
- Through cookies:
- “Cookies” (small pieces of text that are stored on your computer and act as a tool for controlling certain system variables and storing system configuration information in the internet environment) store user preferences for viewing and printing, regional and geographical information connected to an IP address, and authentication information.
- As required by law:
- If required to do so by law or if we believe in good faith that such action is necessary to comply with the law or a legal proceeding such as to comply to a subpoena, bankruptcy proceedings or similar legal process or otherwise required in response to lawful requests by public authorities (such as national security or law enforcement requirements); to protect against violations of our Terms and Conditions of Use; or to protect and defend our rights and property or the rights and property of rights holders whose content is made available through ITHAKA Websites.
- If ITHAKA is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
- With third parties to help provide services:
- With service providers with whom we have entered into agreements to assist us with our business operations.
- With applicable publishers, other content providers, and libraries, who can better assist with your inquiries, and to enable them to inform users of services provided by ITHAKA and/or the third parties’ products and services that may be of interest.
- When transferring personally identifying information that is subject to the European Union’s General Data Protection Regulations (GDPR), we require a GDPR-approved transfer mechanism to be in place, such as Standard Contractual Clauses.
- Non-personal information: We collect the type of browser you are using (e.g., Firefox, Internet Explorer), the type of operating system you are using (e.g., Windows or Mac), and the domain name of your Internet service provider to provide you with the correct browser experience and detect robotic activity.
- No automated-decision practices without notice: Through this policy, we will notify individuals of any automated-decision making practices we may engage in regarding personal information, including the logic involved and the significance of the decision as well as the consequences for you. We also will ensure that you may opt out of such automated-decision making practices.
- We may collect and use personal information collected through correspondence (surveys posted on ITHAKA Websites, feedback provided in designated forms, statements posted on ITHAKA social networking pages) to respond to your inquiries and correspond with you, provide customer support and troubleshooting assistance, and provide service announcements or marketing communications you elect to receive.
- In connection with postings you may make that are available to the general public on any ITHAKA website or ITHAKA-related page on social networking sites such as Facebook and Twitter we may use your name, statement, comment, and affiliation in conference presentations, ITHAKA Service newsletters and communications, and marketing and announcement materials.
- We display personal testimonials of satisfied customers on our website in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
- Through my institution’s account:
- To enable your access to the JSTOR, Artstor, and Portico services through your library or institution and authenticate your identity for the purpose of accessing these services, we may collect information concerning the institution’s internet protocol address, your username and password, or other authentication methods, such as Shibboleth. You may also be able to authenticate via sign-in services utilized at your library or institution, such as Google Social Sign-On subject to Google’s privacy terms applicable to that service.
- Administrators at participating institutions can invite users to create a personal account with institutional access, and possibly with administrator functionality, by sending an account creation invite to that person’s email address. The recipient of that invite must complete the account registration process to activate the account. The table of user accounts affiliated with the institution are available to the participating institution administrators online or via file sent to the relevant administrator’s account email.
- For Artstor, to enable you to download images from the IAP service for publication purposes we collect and share with the institution providing the images for publication your name, email address, institutional affiliation, and other information you may provide. We may share your personal information with the content providers who provided those images for publication when you download an image for use in a publication.
- Through Publisher Sales Service, JPASS, or an Individual Access member program or to purchase JSTOR branded merchandise:
- To facilitate your order through the Publisher Sales Service (a service through the JSTOR archive that facilitates the purchase of articles from publishers), JPASS, Individual Access, or to purchase ITHAKA branded merchandise, we may collect your name, postal address, email address and transactional information. We collect but do not store your credit card details through a third party service provider. ITHAKA may work with other organizations that provide specific services for us, such as credit card processing. We will provide only the personal information necessary for the third party to provide these services for us. These organizations may not use personal information except for the purpose of providing these services.
- With a personal user account:
- In connection with your voluntary creation of a personal account for JSTOR, Artstor, JSTOR Global Plants, or Constellate, we may collect your name, email address, username, institutional affiliation information, and password, as well as other information you may provide.
- Please note that certain Artstor functions require creation of a user account, including: downloading images, saving them to groups, creating presentations and sharing them with other Artstor users, uploading content to Personal Collections, and managing content in JSTOR Forum.
- Also in the case of Artstor services, to enable some institutions to provide administrative support services on behalf of their users, if you elect to register as a user of an Artstor website, you give ITHAKA permission to provide administrators at your institution, if it engages in this service, the email address you used to register so the administrator may access the image groups or other materials that you have created, make changes to such materials (including deleting such materials, either in full or in part), and contact you at the email address provided with respect to such materials, for the purpose of administering and supporting the institution’s subscription to the Artstor services and websites.
- For admin and support: We collect your personal information for system and account administration, customer support, troubleshooting purposes, for new product announcements and product updates related to your account, for service announcements, and for delivering service newsletters and marketing communications you elect to receive.
- For requests for information: In connection with requests for additional information about JSTOR, Artstor, Constellate, JSTOR Forum, or Portico, including but not limited to, obtaining access or additional information about these ITHAKA services on behalf of your institution, we may collect your name, email address, phone number, institutional affiliation information, country location, job title, and other information you may provide.
Attn: Office of the General Counsel
One Liberty Plaza
165 Broadway, 5th Floor
New York, New York 10006
Where required by applicable law, ITHAKA has appointed an internal data protection officer, who can be contacted at:
Attn: Heather Jensen
One Liberty Plaza
165 Broadway, 5th Floor
New York, New York 10006
Last updated on February 14, 2023