Skip to content
  • There are no suggestions because the search field is empty.

Third Party Processing

We use certain subprocessors and content delivery networks to assist in providing the library management system.

What is a Subprocessor?

A subprocessor is a third party data processor engaged by us, who has or potentially will have access to or process library data (which may contain personal data). we engage different types of subprocessors to perform various functions as explained below.

 

Due Diligence

We undertake a commercially reasonable selection process by which we evaluate the security, privacy and confidentiality practices of proposed subprocessors that will or may have access to or process service data.

 

RC Bookshop

We work in partnership with Peters to deliver an online bookshop to our customers. In order to be able to provide this service, customer details are passed to Peters to create a unique bookshop accessible through our library products.

Entity Name: Peters Ltd.

Entity Type/Purpose: Peters are the UK's leading supplier of books and furniture for nurseries, schools, academies and public libraries. Their aim is assisting in creating inspiring library spaces for children and young people to have access to great books and an enjoyable place to read them. We only provide details of the school to Peters. They do have access to resource information such as those currently in the library system. 

Entity Country: UK

 

Infrastructure Subprocessors – Service Data Storage

As previously mentioned we store and control access to the infrastructure within Microsoft Azure located in the United Kingdom. Microsoft employees do not have access to the library data.

Entity Name: Microsoft Azure

Entity Type/Purpose:Cloud Service Provider

Entity Country: UK

 

Content Delivery Networks

As mentioned above we use Cloudflare as a content delivery networks (CDNs), for security purposes, and to optimise content delivery. CDNs do not have access to library data but are commonly used systems of distributed services that deliver content based on the geographic location of the individual accessing the content and the origin of the content provider. Website content served to website visitors and domain name information may be stored with a CDN to expedite transmission, and information transmitted across a CDN may be accessed by that CDN to enable its functions. 

Entity Name: Cloudflare Inc

Entity Type/Purpose: Cloudflare Inc. (Cloudflare) provides content distribution, security and DNS services for web traffic transmitted to and from the library system. This allows us to efficiently manage traffic and secure the library system. The primary information Cloudflare has access to is information in and associated with the library website URL that the end user is interacting with (which includes end user IP addresses). All information (including library data) contained in web traffic transmitted to and from the library system is transmitted through Cloudflare's system, but Cloudflare does not have access to this information. 

Entity Country: UK

 

Optional Subprocessors

We vend a number of solutions which customers have the options of purchasing, therefore, these do not apply to all customers: 

Entity Name: Wonde

Entity Type/Purpose: For automatic transfer of staff and student data from your management information system (MIS) to the library system. The following mandatory fields are automatically transferred to the library system:

  • Forename
  • Surname
  • Year Group
  • Tutor Group
  • Management System ID Number.

The following are optional fields that can be transferred:

  • Address
  • Photograph
  • Email Address
  • Guardian Details including Address and Email

Wonde employees do not have access to the library data. They maybe called upon to consult on issues relating to support incidents, in which case the customer will be informed this is taking place. 

 

Entity Name: GroupCall

Entity Type/Purpose: For automatic transfer of staff and student data from your management information system (MIS) to the library system. The software sits within the school network or at the MIS hosted servers to transfer the information over a secure connection to the library system. The following mandatory fields are automatically transferred to the library system:

  • Forename
  • Surname
  • Gender
  • Date of Birth
  • Year Group
  • Tutor Group
  • Management System ID Number.

The following are optional fields that can be transferred:

  • Address
  • Phone Number
  • Photograph
  • Email Address
  • UPN
  • Ethnicity
  • House
  • Guardian Details including Address
  • Phone Number
  • Email Address

GroupCall employees do not have access to the library data. They maybe called upon to consult on issues relating to support incidents, in which case the customer will be informed this is taking place. 

Entity Country: UK

 

Entity Name: OverDrive

Entity Type/Purpose: eBook platform provider which allows borrowers to access eBooks from the RC library system. This software has two authentication mechanisms.

  • Recommended by us - Library industry standard protocol (SIP2) is used to communicate with the platform and borrower data is not transferred to OverDrive. OverDrive queries the library system at each stage, therefore, OverDrive do not have access to the library data.
  • Library Card Manager - An OverDrive powered authentication system that allows your library to upload a list of library card numbers. This option will require you to import your borrowers. 

Entity Country: US

 

Entity Name: BioStore

Entity Type/Purpose: Biometric identification for staff and students within the library system to allow circulation. Borrower data is imported into a locally stored BioStore database held on a server at the school via CSV or GroupCall scheduled task. RC then uses a unique identifier which is the same in both systems to match the biometric data to the student and find their account in the library system. BioStore employees have no access to the library database unless assisting with support inquiries and authorisation is arranged before this commences. The BioStore database is stored on the organisation's servers, not outside the network. BioStore would expect the organisation to apply the same level of physical security to biometric data as they do to other sensitive data held within the organisation. BioStore would expect an organisation to destroy the records of individuals who have left the organisation. BioStore uses AES256 encryption - a US government and worldwide encryption standard. This also applies to communication between different parts of the BioStore system. Each organisation has a unique key that is used for encrypting the database so a database cannot be transferred to another system and viewed. For more information click here and here.

Entity Country: UK

 

Entity Name: Other Third Parties Using SIP2

Entity Type/Purpose: You are able to purchase a licence for SIP2 integration which allows your suppliers to interact with the library system on an Industry standard protocol. These include security gate providers such as SA Secure, D-tech and PSP, Self-service machines such as 3M, D-tech and others. These company's products query the library data each time and do not transfer the data. 

Entity Country: Variable.