Privacy Policy
Updates:
- 4/9/2025 Added information about Cloudflare cookies
- 9/10/2024 Removed information pertaining to YouTube cookies
Privacy Policy
HathiTrust respects the privacy of all visitors and users of its services.
Our goal is to limit the information we collect to what we need to support your use of HathiTrust Digital LIbrary.
We are committed to using your personal information only for the purposes for which it was collected.
HathiTrust does not sell your personal information and when we share it with outside parties, it is only to enable operations and services on HathiTrust’s behalf, meet legal obligations, or to protect the safety, property, or rights of our community, our guests, or that of HathiTrust’s administrative host, the University of Michigan.
If you have any concerns or questions about how your personal data is used, you can contact us at [email protected].
What Information We Collect
HathiTrust collects the following personal information in these ways:
- When you directly provide it to us, such as your identity, when you log in. What we collect depends, in part, on the information sent to us by your institution when you log in, which may include a pseudonymous identifier and your institutional affiliation. HathiTrust may also collect additional information such as your name and email address.
- When you create personalized collections, HathiTrust records your user identifier and the items you add to the collection. Depending on the information sent to us by your institution when you log in, HathiTrust may include your email address and name with your collection as well. This information will be visible to others if you choose to make your collection public.
- When technology we use captures your information automatically, such as information about the searches you perform, items you view, and other actions you perform (captured in our locally-hosted Matomo analytics, in system logs, and in application logs). This includes your IP address, information about your device and web browser, the date and time of the action, your user identification (if logged in), and the action performed.
- When you contact us via email to [email protected], which generates a ticket in our ticketing system. Information collected includes your email address and any other identifying information you include in your message (e.g., affiliation, title, contact information).
HathiTrust retains log information as required by the University of Michigan information security policies: https://it.umich.edu/information-technology-policies/general-policies/DS-19
How We Use Personal Information
Logging
HathiTrust’s access systems frequently track or “log” the actions performed by users of those systems. In some cases, specialized services or enhancements to system functionality require retaining the transaction logging. In other cases, data that can be tied to individuals will be kept intact only for a limited period of time. Its use will be restricted to troubleshooting and problem resolution related to system functions and service transactions. It is HathiTrust’s policy that no transaction logging containing personal information will be shared with third parties.
Information from transaction logs may be aggregated for reporting on types of use and uses of materials. For this purpose, information regarding individual identities or the source of the transaction will be removed. We will keep information only as long as necessary for the purposes for which it is being used.
HathiTrust uses a locally hosted instance of Matomo Analytics software to track usage data. When you visit our site, we will store: the website from which you arrived, the parts of our site you visit, the date and duration of your visit, your anonymised IP address, information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, and more. We process this usage data in Matomo Analytics locally for statistical purposes, to improve our site, and to recognize and stop any misuse.
Opt-out of website tracking
You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users. You can opt out of being tracked by our Matomo Analytics instance below:
Authentication
HathiTrust uses Security Assertion Markup Language (SAML) authentication with Shibboleth to allow individuals affiliated with partner institutions to authenticate into HathiTrust. More about SAML, including privacy, is available on HathiTrust’s SAML authentication implementation page.
Individuals not affiliated with partner institutions can authenticate as a guest to create permanent collections in HathiTrust’s Collection Builder. Guest access requires either setting up a University of Michigan Friend Account using a valid email address or linking an active social media account.
- Users with Friend Accounts may choose a username to build collections in HathiTrust.
- Users linking social media accounts may share name and email address. Different social accounts send different identity information to the third-party social login vendor (Cirrus Identity) which manages verification. HathiTrust accepts and stores only the minimal information needed to provide you with access to this service.
If users choose to make collections public, their username is displayed in the public list of collections on the Collection Builder home page. No information is displayed if collections are made private.
If you linked your social media account to HathiTrust for a particular service, you may want to unlink it when you no longer need the service. You can request that the account be unlinked by contacting the University of Michigan’s ITS Service Center.
Surveys and Assessment
We may collect personal information and data to support assessment of services, collections, resources, or in support of research related to repository services. Such information is considered confidential and its use will be restricted to the specific purpose for which it was collected, and retained only as long as is necessary to attain that purpose.
HotJar
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
With Whom We Share Personal Information
We do not sell or rent your personal information collected here. We may, however, share your personal information in limited circumstances, such as with partners or external service providers that support our business activities. Specifically, we share your information with the following service providers:
Atlassian Jira
HathiTrust uses Jira, a hosted service provided by Atlassian, for issue tracking. When you contact us via [email protected] or submit a question or problem using the webform on our website, a ticket is generated in Jira with information about your request, including: your name, email address, IP address, web browser version, operating system version, whether or not and (if so) how you are logged in, the page from which you submitted the feedback form, and any other identifying information you include in your message (e.g., affiliation, title, contact information). This information, as well as any other data you share with our support team, is covered under the Atlassian privacy policy.
We may also share your personal information when required by law, or when we believe sharing will help to protect the safety, property, or rights of HathiTrust, our community, our guests, or that of HathiTrust’s administrative host, the University of Michigan.
Personally Identifiable Information in Works in the Repository
It is HathiTrust’s general policy, in consultation with depositing institutions, to remove access to works or portions of works when significant personally identifiable information is exposed that creates a cause for concern (e.g., Social Security numbers of individuals). Works where access is limited in this way will be indicated as “Limited (search-only)” in HathiTrust search interfaces, and the landing page for an item itself or relevant portions of the item will indicate that the item has been closed due to privacy concerns. If you wish to report PII observed in materials in the HathiTrust collection, please contact [email protected].
Privacy Notice Changes
This privacy notice may be updated from time to time. We will post the date our notice was last updated at the top of this privacy notice.
Special Notice for Persons Within the European Union
If you are located in the European Union (EU), then our processing of your personal information may fall under Regulation 2016/679 (the General Data Protection Regulation, or the “GDPR”).
In addition to the privacy information provided above, there is additional information specific to the EU legal framework below. Please also see the University of Michigan GDPR resources webpage for more information.
Legal basis for processing
Our processing activities of your personal information will rely on different lawful grounds depending on the circumstances. Generally speaking, we typically rely on the following lawful bases in order to process your personal information under the GDPR:
- Necessity for our legitimate interests or those of third parties to provide you with access to the collection;
- Consent (when you log in to use enhanced services, when you email us directly, for the research projects you may participate in)
Your rights
HathiTrust is committed to facilitating the exercise of the rights granted to you by EU data protection law in a timely manner.
In the context of our processing activities that are subject to the GDPR, you have the following rights regarding your personal information:
- Access, correction and other requests – You have the right to obtain confirmation of whether we process your personal data, as well as the right to obtain information about the personal data we process about you. You also have a right to obtain a copy of this data. Additionally, and under certain circumstances, you may have the right to obtain erasure, correction, restriction and portability of your personal data.
- Right to object – You have the right to object to receiving marketing materials from us by following the opt-out instructions in our marketing emails, as well as the right to object to any processing of your personal data based on your specific situation. In the latter case, we will assess your request and provide a reply in a timely manner, according to our legal obligations.
- Right to withdraw consent – For all the processing operations that are based on your consent, you have the right to withdraw your consent at any time, and we will stop those processing operations as allowable by law.
- Right to withdraw consent – For the research projects you may participate in, you have the right to withdraw your consent at any time and we will stop collecting and discard any already-collected personal information.
Please note that when you make requests based on these rights, if we are not certain of your identity, we may need to ask you for further personal information to be used only for the purposes of replying to your request.
Retention period
We strive to keep personal data in our records only as long as necessary for the purposes they were collected and processed. Retention periods vary and are established considering our legitimate interests and all applicable legal requirements.
Data transfers
When you interact with HathiTrust or the University of Michigan, your personal information is transferred to the United States. The United States is not currently among the countries outside the European Union that have been deemed by the European Commission to have an adequate level of legal protections for personal information. To ensure the lawful transfers of personal information from the EU, HathiTrust and the University of Michigan relies on the derogations laid out in Article 49 GDPR. In particular, we rely on your explicit consent for some of the transfers and on necessity for the performance of a contract or the implementation of pre-contractual measures taken at your request (for instance, for the transfer of personal data necessary for the services HathiTrust provides). However, please be aware that we provide safeguards for the information transferred, as required by the GDPR itself and in accordance with this HathiTrust Privacy Policy.
Concerns
If you have any concerns or questions about how your personal data is used, please contact us at [email protected] We will promptly respond to your request and do our best to address your concern. However, if you believe we have not been able to deal with your concern appropriately, you have a right to complain to your local data protection authority, as granted by Article 77 of the GDPR. You also have the right to submit a complaint in the Member State of your residence, place of work or of an alleged infringement of the GDPR.
Cookies on Our Website
What is a cookie?
Cookies are small text files that are saved in your browser by websites to remember your preferences, login information, and actions to help make the website work as expected. This site uses different types of cookies as listed below.
What types of cookies do we use?
Necessary Cookies
Necessary cookies are required to enable basic website functionality. The website cannot function without these cookies.
| Name | Type | Provider | Purpose |
|---|---|---|---|
| MDPsid HTstatus HTproviderName HT.notice HT_AUTHTYPE _shibsession_ _opensaml_idp HT-tracking-cookie-consent, HT-marketing-cookie-consent, HT-preferences-cookie-consent, HT-cookie-banner-seen | HTTP cookies | HathiTrust | These cookies manage authentication, user notifications, cookie preferences, and policy agreements. |
| STICKY | HTTP cookie | HAProxy | Load balancing traffic requests across multiple servers |
| _pk_testcookie | HTTP cookie | Matomo | Checks whether you have enabled cookies in your browser |
| __cflb | HTTP cookie | Cloudflare | Load balancing traffic requests across multiple data centers |
| __cf_bm | HTTP cookie | Cloudflare | Identification and mitigation of automated traffic |
Functional Cookies
Functional cookies allow us to remember your preferences when you use our website. These cookies include your preferred search and reading options.
| Name | Type | Provider | Purpose |
|---|---|---|---|
| HT.prefs | HTTP cookie | HathiTrust | This cookie sets your preferences as you use HathiTrust. For example, it stores what view mode you used for a book and opens subsequent books in that view mode until you change the mode. |
Statistics Cookies
Statistics cookies help us improve our website through feedback surveys or by analyzing usage by people like you. We anonymize and combine this data with other user data so that it can’t identify you.You can block these cookies without any impact to your usage of the site. Find more information on the HotJar and Matomo websites.
| Name | Type | Provider | Purpose |
|---|---|---|---|
| _pk_ref _pk_cvar _pk_id _pk_ses mtm_consent, mtm_consent_removed and mtm_cookie_consent matomo_ignore matomo_sessid _pk_hsr | HTTP cookie | Matomo | These cookies enable usage tracking in Matomo. The consent cookies track whether you have given or removed cookie consent for Matomo. |
| _hjClosedSurveyInvites _hjCookieTest _hjDonePolls _hjHasCachedUserAttributes _hjLocalStorageTest _hjMinimizedPolls _hjSession_{site_id} _hjSessionStorageTest _hjSessionUser_{site_id} _hjShownFeedbackMessage _hjTLDTest _hjUserAttributes _hjUserAttributesHash hjActiveViewportIds hjViewportId | HTTP cookie | HotJar | Hotjar cookies set information related to you, your session, and whether you’ve interacted with feedback or survey tools. |
Marketing Cookies
Our website enables limited Google marketing cookies.
| Name | Type | Provider | Purpose |
|---|---|---|---|
| Google Maps | HTML Local Storage | We embed a Google Map that displays the locations of all of our member institutions. This embed writes data to your browser’s local storage. |