Clio Policies

Clio Terms and Conditions

Clio's US Terms and Conditions can be found here

Clio's UK Terms and Conditions can be found here

Clio's non-US/UK Terms and Conditions can be found here

Data Clio collects about you

  • Names and contact information of primary Library and Billing contacts
  • This information is used for communication between you and Clio and is not shared or used for any other purpose
  • Billing information, including Invoices, Purchase Orders, records of Payments, are maintained for ten (10) years. You may request a copy of this information at any time.
  • Cookies are used to allow logins and notifications.

Data Clio Processes on the Library's behalf

Clio provides Interlibrary Loan File Management Services. As part of this Service Clio processes information on the Library's behalf, including personal details of your end users. In GDPR terms, Clio is a Data Processor and the library is the Data Controller.

Cookies are used in the Public-facing applications to allow logins and notifications.

Clio provides reasonable protections of your data and provides you with controls to determine which information is collected and how long it is maintained.

All active requests (those with a status of New, Pending, Received Loan) will maintain their connections to their patron record in order to provide the Service. Completed requests (those with a status of Cancelled, Returned, Received Copy, Rejected) maintain their connections to their patron records until instructed otherwise by the Library.

Provision of personal accounts and a transaction history are part of a Service you provide to your end users. Clio provides the Library with the tools necessary to control the duration of those services.

If you have questions or concerns about these terms please contact jennifer@cliosoftware.co.uk

Data protections
  • Your database is used for your data alone.
  • Your database resides on a server shared only by other Clio customers.
  • For UK customers: Your database resides in Microsoft Azure's UK data centres and is backed up to a separate data centre within the UK.
  • For EU customers: Your database resides in Microsoft Azure's EU data centres and is backed up to a separate data centre within the EU.
  • For US customers: Your database resides in Microsoft Azure's US data centers and is backed up to a separate data center within the US.
  • For UK customers: Your data is never transferred out of the UK; in particular it is never transferred to the United States.
  • For EU customers: Your data is never transferred out of the EU; in particular it is never transferred to the United States.
  • Your data is stored in an encrypted form.
  • Clio will access your data only for the purpose of providing the ILL Service.
  • Clio's servers and networks are continuously monitored, using techniques including Intrusion detection, Distributed denial-of-service (DDoS) attack prevention, Penetration testing, Behavioral analytics, Anomaly detection.
  • Physically the server is protected by layers of defense-in-depth security that include perimeter fencing, video cameras, security personnel, secure entrances, and real-time communication networks.
  • Virtually the server is protected by data encryption, a firewall with whitelisted IP access, along with security credentials.
  • Clio's applications provide reasonable protections against attacks such as SQL injection, cross-site script injection.
  • A copy of your database may be temporarily created when necessary to resolve a technical problem. Any copy will be located within the same region as your database and destroyed within 24 hours.
  • In the unlikely event that it becomes necessary, Clio may seek the Library's permission to grant temporary access to the data to Microsoft technicians.
  • In the event of a data breach, Clio will inform the named Library contact within 24 hours.
Data retention Tools
  • Ability to control which information is collected from your end users
  • Ability to control information sent to other libraries within emails
  • Ability to communicate with your end users
    • Provide information about your policies on your Clio website
    • Provide information about your policies in transactional emails
    • Provide information about your policies using Email Blast feature
  • Ability to remove personal information from requests and from the database
    • Use the Database Cleanup tools to remove personally identifying information from ILL requests. This will remove requests from an end user's transaction history. The Library can choose the appropriate balance between providing useful information service and preserving privacy. Status and Department values will remain in the individual requests in order to provide statistics reports.
    • Use the Database Cleanup tools to remove email messages associated with completed requests.
    • Use the Database Cleanup tools to remove Expired patron records
    • Use the Clear Patron History function within an individual patron record to remove inactive requests from that individual's record.