Generally, PII is information that can be used on its own to identify a specific person. For example, PII can be a full name, home address, email address, phone number, or login details. In most cases, non-personally identifiable information or "non-PII" is data that cannot be used on its own to identify a specific person. For example, in the context of the Services, non-PII can be language preference, bookmarks, or highlights.
Non-PII is treated by OverDrive as PII when it's collected on an individual level and linked to any PII that you have chosen to submit to OverDrive or that OverDrive may have collected from your interactions with the Services.
You can use most Services without submitting much information to OverDrive. A valid library card or school ID is all you need to use most Services.
As part of your interaction with the library Services, you may willingly submit your PII in order to access certain features, such as submitting your email address in order to place a hold on a digital content title.
In addition to information that you may willingly submit to OverDrive, such as your library card number, school ID number, and/or email address, OverDrive may collect and store certain PII and non-PII related to your interactions and use of our Services, including but not limited to, IP address, device type, device ID, operating system, library card number, Adobe ID, library name, lending history, holds, reading progress, bookmarks, highlights, notes, and online activity.
Some Services provide the ability for you to see your lending history. If you are using your institution’s OverDrive-hosted website, Libby, or the OverDrive app, you will have the option to show your lending history. You can hide your lending history by following the instructions within the app or help articles. Your lending history is protected by OverDrive as confidential. It is not shared with any third parties, except to staff with appropriate authority acting within the scope of their duties for the administration of your institution (library, school, etc.). If we are compelled to disclose your lending history pursuant to a court order or subpoena, or to a person or agency with the relevant administrative or legislative investigative power, we will seek to challenge and limit the scope and comply with the authorized agency or person only as required by law.
OverDrive takes information security very seriously. We have implemented measures to protect against the loss, misuse, and alteration of your information. Your information is protected by physical, electronic, and procedural safeguards to prevent unauthorized disclosure. We encrypt the transmission of information using secure sockets layer (SSL) technology. We use computer safeguards such as firewalls and data encryption and physical access controls to our buildings and files. We authorize access to PII only for those employees who require it to fulfill their job responsibilities.
We collect information from you in order to:
OverDrive never sells your PII or non-PII. OverDrive will not use your information for any purposes other than the specified use.
Email addresses submitted to OverDrive for holds notifications are stored by OverDrive so you can place future holds in a quicker, more convenient manner. OverDrive will not use your email address to send you any marketing or promotional communications without your opt-in consent.
We may also use third parties to process information you willingly submit to OverDrive, such as Alchemer (fka SurveyGizmo, https://www.alchemer.com/) for product and experience surveys, OnceHub (https://www.oncehub.com/) for meeting scheduling, and Salesforce (https://www.salesforce.com/) for customer administration and support.
Third parties may utilize OverDrive’s APIs to integrate their application(s) with OverDrive-hosted digital content collections to promote the discovery and circulation of digital content. OverDrive APIs may use Google Analytics (https://analytics.google.com) to track anonymous usage data for research and analytics purposes.
We retain information for as long as OverDrive deems necessary to provide the Services or as otherwise permitted by applicable law. Information about users of school Services is only retained by OverDrive for the time period necessary to support the authorized school or educational purposes.
The ability to post reviews, ratings, and connect to social media to share digital content information is not a supported function of school Services, such as Sora.
If you contact OverDrive directly for assistance resolving an issue with the Services, it may be necessary for OverDrive to use support tools to resolve your issue. For a limited number of issues, these tools may provide OverDrive support personnel with visibility of your borrowing information while your support case is being resolved.
Your name, email address, and password are required to create an OverDrive account. By creating and using an OverDrive account and/or otherwise consenting to the sharing of information with us, you authorize OverDrive to collect and retain the PII submitted by you. You also affirm that you are at least 13 years of age and acknowledge that an OverDrive account is not intended for use by individuals under 13 years of age. You may not share your information regarding your OverDrive account, including but not limited to your login credentials such as your password.
OverDrive accounts are intended for patrons using their public library. An OverDrive account is not required to use school Services, such as Sora. OverDrive accounts are separate and distinct from any sign-up or authentication required for Sora.
You can change your preferences for receiving newsletters, promotional offers, product updates and other OverDrive-initiated communications by emailing email@example.com.
OverDrive's Instant Digital Card online service ("IDC") helps users obtain access to the library's OverDrive digital collection. Only authorized patrons of the library are permitted to access and checkout digital content from the library's digital collection.
You must be at least 13 years old to use IDC.
For users of libraries located in the U.S.:
To verify that your address is in your library's service area, OverDrive will share your name and mobile phone number with a third-party verification service, Cognito. Cognito will use your name and mobile phone number to return an address, if any, to OverDrive.
Cognito does not use your name or mobile phone number for marketing or sales purposes, nor do they share your name or mobile phone number with third parties for marketing or sales purposes.
OverDrive will send a text message to the mobile phone number you provide (standard text message rates apply) to verify the mobile phone number's association with you.
If you are validated as having a residential address within your library’s service area, your mobile phone number will serve as your digital library card and you will be able to access and checkout digital content from your library’s OverDrive digital collection. Your name, mobile phone number, and address are stored by OverDrive for the purpose of authenticating your checkouts from the library’s OverDrive digital collection. Unless otherwise permitted through your opt-in consent to receive marketing communications, OverDrive does not use your name or mobile phone number for marketing or sales purposes, nor do we share your name or mobile phone number with third parties for marketing or sales purposes.
In addition to obtaining checkout privileges to your library's digital collection, you may also be eligible for a library card for access to your library's additional resources (e.g., physical book and media borrowing). Through the validation process, OverDrive will store your address for the purpose of providing your name, address, mobile phone number, and email address (if provided by you) to your library, where you may be eligible for a library card for access to additional library resources. Your use of IDC confirms your consent to OverDrive providing your name, address, mobile phone number, and email address (if provided by you) with your library, and confirms your consent to be contacted by your library, if necessary.
If you have questions or concerns regarding IDC, please contact OverDrive at firstname.lastname@example.org.
For users of libraries located outside of the U.S.:
If your Code is validated by IDC, your mobile phone number will serve as your digital library card and you will be able to access and checkout digital content from your library’s OverDrive digital collection. Your name and mobile phone number are stored by OverDrive for the purpose of authenticating your checkouts from the library’s OverDrive digital collection. Unless otherwise permitted through your opt-in consent to receive marketing communications, OverDrive does not use your name or mobile phone number for marketing or sales purposes, nor do we share your name or mobile phone number with third parties for marketing or sales purposes.
In addition to obtaining checkout privileges to your library’s digital collection, you may also be eligible for a library card for access to your library’s additional resources (e.g., physical book and media borrowing). OverDrive may provide your name, mobile phone number, and email address (if provided by you) to your library, where you may be eligible for a library card for access to additional library resources. Your use of IDC confirms your consent to OverDrive providing your name, mobile phone number, and email address (if provided by you) with your library, and confirms your consent to be contacted by your library, if necessary.
If you have questions or concerns regarding IDC, please contact OverDrive at email@example.com.
Data Transfer. OverDrive has adopted Standard Contractual Clauses (SCCs) to safeguard international data transfers, including transfers of PII from the EU, Switzerland, and other countries that use SCCs, to the US. OverDrive has adopted the International Data Transfer Agreement (IDTA) to safeguard international data transfers of PII from the UK to the US.
Legal basis for processing your PII. If you are visiting a Service from the EU, we must have a legal basis to process your PII. There are different legal bases on which we rely to process your PII, namely:
Performance of a contract. The use of your PII may be necessary to perform the specified function for which you submit your PII, and/or perform other contractual obligations and policies under which we provide our Services to you;
Legitimate interests. We use your PII for our legitimate interests to improve our Services, for internal administration, and security purposes. In such circumstances, it is important for us to ensure that your data protection interests or fundamental rights and freedoms are not overridden by our legitimate interests.
If contacting us does not resolve your issue, you have the right to make a complaint to your data protection authority (if one exists in your country).
If you are not subject to EU law, these rights do not apply to you.
Information we collect directly from you. Depending on your use of the Services, the categories of information we may collect directly from you include the following:
We may also collect information you provide in your communications to us, such as when you respond to polls or surveys, or contact us with a question, comment, or request.
Information selling, sharing, and disclosing. OverDrive does not sell your information. OverDrive does not share your information with third parties for money or other valuable consideration. OverDrive may disclose your information to service providers solely for business purposes. These service providers support the internal operations of the Services, assist OverDrive in providing you access to the Services, and assist OverDrive in monitoring, analyzing, and optimizing the Services. The following categories of information may be disclosed to service providers for business purposes: identifiers and internet or other electronic network activity information.
Your rights under applicable law. If you are a California resident, you or your authorized agent may email firstname.lastname@example.org, call toll-free 866-269-5794, or visit the Data Request center to ask us to:
Users may freely exercise these rights without fear of being denied the Services.
OverDrive will provide notice to users of the Sora service in the event of a security breach or material change in terms as required by contract with OverDrive's customers and in compliance with applicable regulations.
In the event of a change of control (i.e. sale of sale or merger of OverDrive, Inc.) the successor entity will be subject to these same privacy commitments.
Please contact OverDrive at email@example.com if: