Privacy Policy
At Talis, we believe in being open and honest about how we use your data. This policy explains our approach to privacy, product by product, so you can easily understand what information we collect, why we collect it, and how we keep it safe.
Data protection law means our role can change depending on how your personal data is being used by our products.
Data Controller
When we act as a ‘Data Controller’, it means we determine why and how certain personal data is processed. This typically applies to data related to our direct relationship with you (e.g. managing your account with us, providing direct support, or for our marketing).
Data Processor
When we act as a ‘Data Processor’, it means we process personal data on behalf of another organisation (our customer, such as your library or institution). In this case, your library or institution is the ‘Data Controller’ and decides why and how your data is used. We follow their instructions and process the data in line with our agreement with them.
Privacy Policy for Talis Products
This section explains how your data is handled when you use Talis products and services, such as Talis Aspire, Talis Courseflow, or Talis Elevate.
Talis provides solutions primarily for academic institutions to manage and deliver reading lists, digital resources, and collaborative learning experiences.
Information We Collect and Why
The type of information we collect depends on whether we are acting as a Data Processor (on behalf of your institution) or a Data Controller (for our own purposes).
As a Data Processor (on behalf of your institution)
We process personal data to enable the core functions of our products for your institution.
- User Profile Data: This includes your Name, Email address, Job title (if applicable), Persistent ID (issued by your institution at sign-in), Talis user IDs, and IP address.
- Why? To operate key functions like user profile pages, personalisation features, user reports, and displaying user information in administrative workflows. This data also supports user analytics relevant to reports used by your institution.
- Log Files & Backups: Information is captured in log files, and data is included in system backups.
- Why? To help us operate, support, and troubleshoot the system, and to ensure data recovery and application functions.
- Consultancy & Implementation: If we are engaged by your institution to perform consultancy, roll out products, create bespoke reports, or amend/import/export user data.
- Why? To fulfil our contractual obligations and assist your institution with its specific needs related to our products.
As a Data Controller (for our own purposes)
We process personal data primarily to manage our direct relationship with your institution and its staff.
- Customer Staff Data: This includes Name, Email address, Work address (if relevant), Job title (if applicable), Role in the application, Persistent ID (issued by your institution at sign-in), Talis user IDs, and IP address.
- Why? To communicate with your institution’s staff during implementation and ongoing account management, allow them to provide feedback, obtain information about our products, and manage customer support or consulting services.
- Direct End-User Support Data: When we provide direct end-user support via in-application communication (this does not apply to all customers).
- Why? To provide direct assistance and resolve issues for end-users.
- Marketing & Information Updates: Data is used to send regular information updates about our products and services.
- Why? To keep customers informed about product developments and for marketing purposes.
- Specific Consulting Engagement Data: In some consulting engagements, we may act as a Data Controller for certain data.
- Why? This will be clarified with customers at the point of engagement, depending on the specific requirements.
What Talis Does NOT Collect
We focus on collecting only the data necessary to provide and improve our services to your institution. We do not collect:
- Sensitive personal data beyond what is explicitly outlined above (e.g. health information, racial or ethnic origin, political opinions, religious beliefs).
- Financial details like bank or credit card accounts from end-users.
How We Use Your Information
- To provide and operate our products and services to your institution.
- To support and troubleshoot our systems.
- To manage our relationship with your institution and its staff.
- To improve our products and develop new features.
- For internal analysis and reporting.
- To communicate product updates and marketing information.
When We Share Your Information
We may share the information we collect in specific, controlled circumstances, ensuring your data is protected:
- As Required by Law: If we are legally required to disclose information, such as in response to a court order or government request.
- For Your Safety and Protection: When we believe in good faith that disclosure is necessary to protect your safety, the safety of others, to investigate fraud, or to protect our rights.
- With Our Trusted Service Providers: We work with third-party service providers (e.g. cloud hosting, analytics, customer support platforms) who assist us in operating and improving our products. These providers are only allowed to use the information for the specific services we hire them for, act on our instructions, and are bound by strict contractual agreements to protect your data.
- In Business Changes: If Talis is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. You will be notified of any such change in ownership or use of your information.
- With Partners (Anonymised Data Only): We may disclose anonymised and aggregated data (data that cannot be linked back to you personally) to our partners or for marketing purposes. This helps us and our partners understand trends, improve access to academic materials, or enhance products without revealing your identity.
How Long Do We Keep Your Information
We retain your information for as long as necessary to provide the service you are using, for operational purposes, or as required by law:
- Service Provision: We keep data for as long as you maintain an active account with us or have our products.
- Operational & Compliance Needs: We retain information for a reasonable period thereafter for purposes such as troubleshooting, record-keeping, and meeting legal or regulatory obligations.
- Specific Retention Periods: Some types of data have defined retention periods. For example, log file data and backup data are typically kept for 90 days before deletion.
- Legitimate Interests: We may retain data as necessary for our legitimate business interests, such as managing customer relationships or resolving disputes.
Where Your Data Is Processed and Stored
We are committed to securing your data:
- Our primary data processing and storage is with ISO27001/SOC2 certified data centres situated within the European Union (EU) or Canada (for Talis Canadian customers only).
- In some cases, we may utilise trusted third-party service providers who operate data centres outside the EU for certain auxiliary data or specific processing tasks (e.g. for analytics or global support). In such instances, we implement appropriate safeguards, such as Standard Contractual Clauses, to ensure your data remains protected to EU standards.
How We Protect Your Data
We employ a comprehensive range of security measures to protect the information we process and maintain:
- Accreditations & Certifications: We are accredited via the Cyber Essentials scheme, and our data centres hold certifications such as ISO27001 and SOC2/3.
- Secure Communications: Our products are delivered to users via HTTPS, ensuring encrypted communication.
- Access Controls: Server access is secured by encrypted keys, two-factor authentication (2FA), and hardened firewalls, limiting access to only authorised employees and contractors.
- Regular Audits: We conduct regular “black box” and “white box” security audits by independent third parties to identify and address vulnerabilities.
- Physical, Electronic, and Procedural Safeguards: We utilise a combination of these safeguards to protect against unauthorised access, disclosure, alteration, or destruction of information.
For Our Non-EU Customers
While customers and users outside the European Union are not directly affected by GDPR (General Data Protection Regulation) laws, the requirements and obligations on Talis significantly impact the processing of all personal data, since a substantial portion of our processing takes place within the EU. In general terms, GDPR principles enhance the security and privacy of personal data for all users globally.
Talis operates to ensure compliance with its privacy and personal data obligations in all relevant territories and will continue to do so.